[Sephr]

This is to enable Safari's legacy EME implementation. I wonder if there are any vulnerabilities waiting in those unmaintained legacy codepaths

https://github.com/WebKit/webkit/blob/master/Source/WebCore/...

I first noticed this bug a year ago last February and it's been unchanged ever since.

[richdougherty]

Definitely a vulnerability there exploitable in concert with the error in the domain name check.