QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1691

Published: Apr 15, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.webkit.org/show_bug.cgi?id=57266

x_refsource_CONFIRM

http://code.google.com/p/chromium/issues/detail?id=77665

x_refsource_CONFIRM

http://trac.webkit.org/changeset/82222

x_refsource_CONFIRM

oval:org.mitre.oval:def:14365

vdb-entry

signature

x_refsource_OVAL

http://googlechromereleases.blogspot.com/2011/04/beta-channel-update_12.html

x_refsource_CONFIRM

google-countertocssvalue-dos(66818)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.