PT-2008-5280 · Apple · Webkit+1

Nicolas Economou · Published 2008-09-16 · Updated 2018-10-11 · CVE-2008-3950

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Safari versions 1.1.4 through 2.0

Description: The issue is caused by an off-by-one error in the drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit, allowing remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with a specific argument. The argument must contain no breakable characters and must have a length that is a multiple of the memory page size; the off-by-one then produces an out-of-bounds read.

Recommendations: For Safari versions 1.1.4 through 2.0, avoid JavaScript alert calls whose arguments contain no breakable characters and have a length that is a multiple of the memory page size until a patch is available. As a temporary workaround, restrict the execution of JavaScript code from untrusted sources to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers: CVE-2008-3950

Affected Products: Safari, Webkit