CVE-2011-1796

NameCVE-2011-1796
DescriptionUse-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcesqueeze(not affected)
chromium-browsersource(unstable)11.0.696.65~r84435-1

Notes

http://trac.webkit.org/changeset/84300

Search for package or bug name: Reporting problems