27 | | Security is very important for a web engine. As a rule, any issue in which web content can crash WebKit is a security issue. In fact, almost every crash is a security issue. The only crashes which are not security issues are crashes that cannot be triggered by web content, but such crashes are few and far between in WebKit. Fortunately, not all crashes are equally-severe. E.g. a null pointer dereference is merely a denial of service issue, while a use-after-free is a code execution vulnerability. |
| 27 | Security is very important for a web engine. As a rule, any issue in which web content can crash WebKit is a security issue. In fact, almost every crash is a security issue. The only crashes which are not security issues are crashes that cannot be triggered by web content, but such crashes are few and far between in WebKit. Fortunately, not all crashes are equally-severe. E.g. a null pointer dereference is merely a denial of service issue, whereas a use-after-free or buffer overflow is a code execution vulnerability. |