Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.12151
Percentile: 0.93506

CVSS Scoring

Mapped CWE(s)

• CWE-416 : Use After Free

Affected Products

• cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
• cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
• cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
• cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
• cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

← Back to Home