Here's the page we think you wanted. See search results instead:

Toggle Menu

Chat Live

Confirm Your Country or Area

Please Confirm

Confirm your country to access relevant pricing, special offers, events, and contact information.

What are you looking for?

MXG Signal Generator UXA Signal Analyzer UXM for Wi-Fi 7 PXA Signal Analyzer Find a solution Get technical support Take a class Find us at events Premium used equipment KeysightCare Buy online

No product matches found - System Exception

Apple Safari WebKit hoistSloppyModeFunctionIfNecessary Improper Object Validation

Strike ID:

E19-0mde1

CVSS:

8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

False Positive:

Variants:

Year:

2018

Description

This strike exploits a vulnerability in Apple Safari Webkit. Specifically the vulnerability exists in the BytecodeGenerator::hoistSloppyModeFunctionIfNecessary method. It is possible to craft Javascript in such a way that allows for an object to be passed as the property variable directly as a string to the op_get_direct_pname handler without being properly validated. This can lead to a denial of service in the browser application or potentially allow for remote code execution to occur.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4386

Google

https://code.google.com/p/google-security-research/issues/detail?id=1665

Welcome

What are you looking for?

Apple Safari WebKit hoistSloppyModeFunctionIfNecessary Improper Object Validation

Description

CVE

Google