|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
WebKit.Org has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||wushi of team509