CVE-2012-3691

Safari < 6.0 - Same Origin Policy Bypass via CSS Property Handling

Title source: llm
STIX 2.1

Description

WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

References (4)

Core 4
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5503
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5400

Scores

EPSS 0.0094
EPSS Percentile 56.6%

Details

CWE
CWE-20
Status published
Products (35)
apple/safari 1.0 (3 CPE variants)
apple/safari 1.0.0
apple/safari 1.0.0b1
apple/safari 1.0.0b2
apple/safari 1.0.1
apple/safari 1.0.2
apple/safari 1.0.3 (3 CPE variants)
apple/safari 1.0b1
apple/safari 1.1
apple/safari 1.1.0
... and 25 more
Published Jul 25, 2012
Tracked Since Feb 18, 2026