Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1029 to the following vulnerability:

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1029
[2] http://www.exploit-db.com/exploits/11567
[3] http://www.exploit-db.com/exploits/11574
[4] http://www.securityfocus.com/bid/38398
[5] http://xforce.iss.net/xforce/xfdb/56524
[6] http://xforce.iss.net/xforce/xfdb/56527
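A triage check for the pattern named in the CVE description above, as an added example that is not part of the original bug report or of WebKit: it reports the longest run of consecutive `*>` sequences inside any STYLE element. The `MAX_CHAIN` threshold, the function names and the sample documents are assumptions constructed for illustration.

```python
import re

# Assumed alert threshold (not from the advisory): hand-written stylesheets
# rarely chain more than a few universal-selector child combinators.
MAX_CHAIN = 64

# Heuristic extraction, not a full HTML parser. An unterminated STYLE element
# is read to end of input so a missing </style> does not hide its content.
STYLE_RE = re.compile(r"<style\b[^>]*>(.*?)(?:</style\s*>|\Z)", re.I | re.S)
CHAIN_RE = re.compile(r"(?:\*\s*>\s*)+")   # a run of consecutive "*>" links
LINK_RE = re.compile(r"\*\s*>")            # one "*>" link, whitespace allowed


def longest_star_child_chain(html: str) -> int:
    """Longest run of consecutive '*>' sequences found in any STYLE element."""
    longest = 0
    for style in STYLE_RE.finditer(html):
        for run in CHAIN_RE.finditer(style.group(1)):
            longest = max(longest, len(LINK_RE.findall(run.group(0))))
    return longest


def is_suspicious(html: str, limit: int = MAX_CHAIN) -> bool:
    """True when a STYLE element nests '*>' deeper than the assumed limit."""
    return longest_star_child_chain(html) > limit


# Constructed sample documents (not taken from the referenced reports).
BENIGN = "<style>ul > li > a { color: red } * > p { margin: 0 }</style>"
DEEP = "<html><STYLE type='text/css'>" + "* >\n" * 200 + "a { }"   # unterminated
OUTSIDE = "<p>" + "*>" * 200 + "</p>"                           # not in STYLE

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("deep", DEEP), ("outside", OUTSIDE)):
        print(name, longest_star_child_chain(doc), is_suspicious(doc))
```

The check is a text heuristic: anything other than whitespace between two `*>` links, such as a CSS comment, splits a run, so it suits triage of stored or proxied pages and does not replace an updated browser engine.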
This issue did NOT affect the versions of the kdebase package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not reproducible with any supported webkitgtk, QTWebKit or KHTML version. Closing.