Changes

9 bytes added ,  01:40, 9 February 2019
Line 26: Line 26:  
=== WebKit 537.73 (as used in Vita FW 3.50-3.60) (unknown or no CVE) ===
 
=== WebKit 537.73 (as used in Vita FW 3.50-3.60) (unknown or no CVE) ===
   −
Discovered by xyz. Fixed in 3.61 (see [https://blog.xyz.is/2016/webkit-360.html#bonus-how-sony-patched-it how it was patched]).
+
Discovered by an anonymous. Fixed in 3.61 (see [https://blog.xyz.is/2016/webkit-360.html#bonus-how-sony-patched-it how it was patched]).
    
The JSArray::sort method has a heap use-after-free vulnerability. If an array containing an object with a custom toString method is sorted, and the toString method causes the array to be reallocated, then the sorted elements will be written to the old freed address.
 
The JSArray::sort method has a heap use-after-free vulnerability. If an array containing an object with a custom toString method is sorted, and the toString method causes the array to be reallocated, then the sorted elements will be written to the old freed address.
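
Review bot: On the changed "Discovered by" line, "an anonymous" is missing a noun, and the revision drops the credit to xyz with no visible source for the new attribution, while the same sentence still links to the blog.xyz.is write-up. Suggest wording such as "Discovered by an anonymous researcher" and adding a reference that supports the attribution change, or keeping the original credit if none can be cited.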
