WebKit ContainerNode::parserInsertBefore Universal Cross Site Scripting

Webkit suffers from a universal cross site scripting vulnerability in ContainerNode::parserInsertBefore.


MD5 | be606c86922521529e8c279978b2f631

 WebKit: UXSS via ContainerNode::parserInsertBefore 

CVE-2017-2508


This is a regression test from <a href="/p/chromium/issues/detail?id=519558" title="Security: Universal XSS via ContainerNode::parserInsertBefore" class="closed_ref" rel="nofollow"> https://crbug.com/519558 </a>.

The PoC works well in the latest nightly build of WebKit.


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.




Found by: lokihardt


Related Posts

Comments