[Webkit-unassigned] [Bug 136451] ASSERTION FAILED: url == m_string in WebCore::URL::URL when parsing "file:c"
bugzilla-daemon at webkit.org
Sat Jul 17 00:35:35 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=136451
Ira Hall <3bcg4zh9 at smuggroup.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |3bcg4zh9 at smuggroup.com
--- Comment #4 from Ira Hall <3bcg4zh9 at smuggroup.com> ---
The security implications are pretty bad, since you can inject arbitrary code into your own web browser by visiting a malicious site, so make sure all updates from Apple have been applied! When WebCore::URL parses "file:c" it fails to compare the url variable to m_string. This caused a vulnerability in https://www.rush-my-essay.com/buy-college-essays/ WebKit where a file:///c%3A%3F would get parsed as file:///C:/? or some variant of that and allow code injection. The fix for this is to use strncmp instead of == when comparing strings.
--
You are receiving this mail because:
You are the assignee for the bug.