Potential UAF when deleting a webview that's displaying fullscreen Flash content

Bug #1510963 reported by Chris Coulson on 2015-10-28
This bug affects 1 person
Affects: Oxide
Importance: High
Assigned to: Chris Coulson

Bug Description

If a webview that is displaying fullscreen Flash content is deleted, we don't correctly null out the |container_| pointer on RWHV, which could result in a use-after-free.

Changed in oxide:
importance: Undecided → High
status: New → In Progress
assignee: nobody → Chris Coulson (chrisccoulson)
milestone: none → branch-1.12
Changed in oxide:
status: In Progress → Fix Released
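
The lifetime pattern behind this report, as an added C++ example that is not Oxide's code: a view keeps a raw, non-owning `container_` back-pointer, and every such view must be detached before its container is freed. `View`, `Container`, `DetachViews` and the idea that fullscreen content has its own view object are assumptions made for illustration; only `container_` and RWHV come from the report.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

class Container;  // hypothetical stand-in for the webview side

// Hypothetical stand-in for RWHV; container_ is a raw, non-owning back-pointer.
class View {
 public:
  void SetContainer(Container* c) { container_ = c; }
  bool HasContainer() const { return container_ != nullptr; }
 private:
  Container* container_ = nullptr;
};

class Container {
 public:
  void Attach(View* v) { v->SetContainer(this); views_.push_back(v); }
  void AttachFullscreen(View* v) { v->SetContainer(this); fullscreen_ = v; }
  // Teardown run before the container is freed. include_fullscreen == false
  // models the reported defect: the fullscreen view keeps its pointer.
  void DetachViews(bool include_fullscreen) {
    for (View* v : views_) v->SetContainer(nullptr);
    views_.clear();
    if (include_fullscreen && fullscreen_) fullscreen_->SetContainer(nullptr);
    fullscreen_ = nullptr;
  }
 private:
  std::vector<View*> views_;
  View* fullscreen_ = nullptr;
};

// True if the fullscreen view still points at the container when it is about
// to be freed. Checked while the container is alive: no freed memory is read.
bool FullscreenViewLeftDangling(bool include_fullscreen) {
  View normal, fullscreen;
  std::unique_ptr<Container> container(new Container());
  container->Attach(&normal);
  container->AttachFullscreen(&fullscreen);
  container->DetachViews(include_fullscreen);
  bool stale = fullscreen.HasContainer();
  fullscreen.SetContainer(nullptr);  // clear before the container is destroyed
  return stale;
}

int main() {
  std::printf("skipping fullscreen view: stale=%d, detaching all views: stale=%d\n",
              FullscreenViewLeftDangling(false), FullscreenViewLeftDangling(true));
}
```

A check like `FullscreenViewLeftDangling` can serve as a regression test for the teardown path, and running the real code under AddressSanitizer catches the same class of defect at the point of use.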