An off by one memory read out of bounds issue exists in WebKit's handling of HTML lists. Visiting a maliciously crafted website may lead to an unexpected application termination or the disclosure of the contents of memory. This issue is addressed through improved bounds checking.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue.
This is being made public now, we've been given the go-ahead from upstream to do so.
Created webkitgtk tracking bugs for this issue
Affects: fedora-all [bug 606304]
Created qt tracking bugs for this issue
Affects: fedora-all [bug 538236]
*** Bug 606295 has been marked as a duplicate of this bug. ***
qt-4.6.3-8.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
qt-4.6.3-8.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.