A use after free issue exists in WebKit's handling of hover events. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of hover events.
Trac: http://trac.webkit.org/changeset/57759, http://trac.webkit.org/changeset/57817
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Dave Bowker of davebowker.com as the original reporter.