<html>
    <head>
      <base href="https://bugs.webkit.org/">
    </head>
    <body><span class="vcard"><a class="email" href="mailto:3bcg4zh9@smuggroup.com" title="Ira Hall <3bcg4zh9@smuggroup.com>"> <span class="fn">Ira Hall</span></a>
</span> changed
          <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED WORKSFORME - ASSERTION FAILED: url == m_string in WebCore::URL::URL when parsing "file:c""
   href="https://bugs.webkit.org/show_bug.cgi?id=136451">bug 136451</a>
          <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">CC</td>
           <td>
                
           </td>
           <td>3bcg4zh9@smuggroup.com
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED WORKSFORME - ASSERTION FAILED: url == m_string in WebCore::URL::URL when parsing "file:c""
   href="https://bugs.webkit.org/show_bug.cgi?id=136451#c4">Comment # 4</a>
              on <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED WORKSFORME - ASSERTION FAILED: url == m_string in WebCore::URL::URL when parsing "file:c""
   href="https://bugs.webkit.org/show_bug.cgi?id=136451">bug 136451</a>
              from <span class="vcard"><a class="email" href="mailto:3bcg4zh9@smuggroup.com" title="Ira Hall <3bcg4zh9@smuggroup.com>"> <span class="fn">Ira Hall</span></a>
</span></b>
        <pre>The security implications are pretty bad, since you can inject arbitrary code into your own web browser by visiting a malicious site, so make sure all updates from Apple have been applied! When WebCore::URL parses "file:c" it fails to compare the url variable to m_string. This caused a vulnerability in <a href="https://www.rush-my-essay.com/buy-college-essays/">https://www.rush-my-essay.com/buy-college-essays/</a> WebKit where a file:///c%3A%3F would get parsed as file:///C:/? or some variant of that and allow code injection. The fix for this is to use strncmp instead of == when comparing strings.</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>