CVE-2011-0161

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

Published: Mar 11, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0161
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

Affected Software
References

Software	From	Fixed in
apple / safari	3.0.4b	3.0.4b.x
apple / safari	1.3.0	1.3.0.x
apple / safari	1.0.3-85.8	1.0.3-85.8.x
apple / safari	2.0.3-417.9.3	2.0.3-417.9.3.x
apple / safari	1.3.2	1.3.2.x
apple / safari	2	2.x
apple / safari	1.1.1	1.1.1.x
apple / safari	3.0.4	3.0.4.x
apple / safari	1.2.2	1.2.2.x
apple / safari	2.0.1	2.0.1.x
apple / safari	5.0.1	5.0.1.x
apple / safari	2.0.3	2.0.3.x
apple / safari	1.0.3	1.0.3.x
apple / safari	-	5.0.3.x
apple / safari	2.0.2	2.0.2.x
apple / safari	1.0.2	1.0.2.x
apple / safari	3.0.0	3.0.0.x
apple / safari	3.0.1	3.0.1.x
apple / safari	3.0.2	3.0.2.x
apple / safari	1.0	1.0.x
apple / safari	5.0.2	5.0.2.x
apple / safari	3.0.3b	3.0.3b.x
apple / safari	3.1.1	3.1.1.x
apple / safari	1.3	1.3.x
apple / safari	2.0.3-417.9	2.0.3-417.9.x
apple / safari	1.2.5	1.2.5.x
apple / safari	2.0.3-417.9.2	2.0.3-417.9.2.x
apple / safari	3.0.3	3.0.3.x
apple / safari	2.0	2.0.x
apple / safari	1.2.4	1.2.4.x
apple / safari	1.0.1	1.0.1.x
apple / safari	2.0.3-417.8	2.0.3-417.8.x
apple / safari	3.1.2	3.1.2.x
apple / safari	1.2.1	1.2.1.x
apple / safari	3.1.0b	3.1.0b.x
apple / safari	1.0.3-85.8.1	1.0.3-85.8.1.x
apple / safari	3.1.0	3.1.0.x
apple / safari	1.0-beta	1.0-beta.x
apple / safari	4.1.1	4.1.1.x
apple / safari	2.0.4	2.0.4.x
apple / safari	1.0-beta2	1.0-beta2.x
apple / safari	1.1	1.1.x
apple / safari	1.3.2-312.5	1.3.2-312.5.x
apple / safari	3.2.2	3.2.2.x
apple / safari	3.0.0b	3.0.0b.x
apple / safari	1.3.1	1.3.1.x
apple / safari	4.1	4.1.x
apple / safari	2.0.0	2.0.0.x
apple / safari	3.2.0	3.2.0.x
apple / safari	1.1.0	1.1.0.x
apple / safari	3.0.2b	3.0.2b.x
apple / safari	1.2	1.2.x
apple / safari	5.0	5.0.x
apple / safari	1.2.0	1.2.0.x
apple / safari	3.0.1b	3.0.1b.x
apple / safari	1.0.0b1	1.0.0b1.x
apple / safari	3.2.1	3.2.1.x
apple / webkit	-	-
apple / safari	3.0	3.0.x
apple / safari	1.0.0	1.0.0.x
apple / safari	4.1.2	4.1.2.x
apple / safari	1.2.3	1.2.3.x
apple / safari	1.3.2-312.6	1.3.2-312.6.x
apple / safari	3	3.x
apple / safari	1.0.0b2	1.0.0b2.x
apple / iphone_os	3.0	3.0.x
apple / iphone_os	3.2	3.2.x
apple / iphone_os	3.1.3	3.1.3.x
apple / iphone_os	1.0.2	1.0.2.x
apple / iphone_os	4.0.2	4.0.2.x
apple / iphone_os	2.2	2.2.x
apple / iphone_os	1.1.1	1.1.1.x
apple / iphone_os	4.1	4.1.x
apple / iphone_os	2.0.0	2.0.0.x
apple / iphone_os	3.1.2	3.1.2.x
apple / iphone_os	3.0.1	3.0.1.x
apple / iphone_os	1.1.2	1.1.2.x
apple / iphone_os	3.1	3.1.x
apple / iphone_os	1.1.3	1.1.3.x
apple / iphone_os	1.1.0	1.1.0.x
apple / iphone_os	1.0.1	1.0.1.x
apple / iphone_os	2.1	2.1.x
apple / iphone_os	1.1.5	1.1.5.x
apple / iphone_os	4.0.1	4.0.1.x
apple / iphone_os	2.1.1	2.1.1.x
apple / iphone_os	1.1.4	1.1.4.x
apple / iphone_os	1.0.0	1.0.0.x
apple / iphone_os	2.0.2	2.0.2.x
apple / iphone_os	2.0	2.0.x
apple / iphone_os	2.0.1	2.0.1.x
apple / iphone_os	4.0	4.0.x
apple / iphone_os	-	4.2.x
apple / iphone_os	2.2.1	2.2.1.x
apple / iphone_os	3.2.1	3.2.1.x
apple / iphone_os	3.2.2	3.2.2.x

Vulnerability Database

289,784

CVE-2011-0161