The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Denial Of Service
Buffer Overflow
Apple
Webkitgtk
Leap
+1
NVD
GitHub
Exploit-DB
CVSS 3.0
9.8
EPSS
16.1%