CVE-2010-1399: WebKit: uninitialized memory access vulnerability in handling of selection changes on form input elements (ZDI-CAN-687)

Severity: Critical

CVSS Score: 9.3

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.