[Webkit-unassigned] [Bug 136451] ASSERTION FAILED: url == m_string in WebCore::URL::URL when parsing "file:c"

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jul 17 00:35:35 PDT 2021


Ira Hall <3bcg4zh9 at smuggroup.com> changed:

           What    |Removed                     |Added
                 CC|                            |3bcg4zh9 at smuggroup.com

--- Comment #4 from Ira Hall <3bcg4zh9 at smuggroup.com> ---
The security implications are pretty bad, since you can inject arbitrary code into your own web browser by visiting a malicious site, so make sure all updates from Apple have been applied! When WebCore::URL parses "file:c" it fails to compare the url variable to m_string. This caused a vulnerability in https://www.rush-my-essay.com/buy-college-essays/ WebKit where a file:///c%3A%3F would get parsed as file:///C:/? or some variant of that and allow code injection. The fix for this is to use strncmp instead of == when comparing strings.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210717/0b707b37/attachment-0001.htm>

More information about the webkit-unassigned mailing list