CVE-2011-0161
Safari < 5.0.4 - Same Origin Policy Bypass via Attr.style Accessor
Title source: llmDescription
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66000
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46814
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025182
Scores
EPSS
0.0165
EPSS Percentile
73.8%
Details
CWE
CWE-20
CWE-264
Status
published
Products (46)
apple/iphone_os
1.0.0
apple/iphone_os
1.0.1
apple/iphone_os
1.0.2
apple/iphone_os
1.1.0
apple/iphone_os
1.1.1
apple/iphone_os
1.1.2
apple/iphone_os
1.1.3
apple/iphone_os
1.1.4
apple/iphone_os
1.1.5
apple/iphone_os
2.0
... and 36 more
Published
Mar 11, 2011
Tracked Since
Feb 18, 2026