MOAB #7, OmniWeb Format String Vulnerability

Another MOAB bug which isn't actually in Apple software, but hey, it's all the same client-side stuff to write about for me. ;) MOAB #7 is a fairly straitforward format string vulnerability in how the OmniWeb browser handles the JavaScript alert() method. The detailed notes which include gdb output have a stack trace which implies that the vulnerability lies somewhere within the WebKit code, but it says that the same vulnerability can not be replicated on Safari which also uses WebKit.

This isssue is fixed in OmniWeb 5.5.2 as shown in the OmniWeb release-notes.

No CVE has been posted for this issue yet.