Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1795

Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document containing a FORM element.

Related bugs and status

CVE-2011-1795 (Candidate) is related to these bugs:

Bug #778822: 11.0.696.57 -> 11.0.696.65

		In	Importance	Status
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Lucid)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Maverick)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Natty)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Oneiric)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://crbug.com/78948
CONFIRM: http://launchpad.net/b...
CONFIRM: http://trac.webkit.org...