runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.