CVE-2011-0161

Published: Mar 11, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

Affected (95)

Products: Apple: Safari, Iphone Os, Webkit

3 products

Configuration A

64 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 5.0.3
Apple Safari	Version 1.0.0
Apple Safari	Version 1.0.0b1
Apple Safari	Version 1.0.0b2
Apple Safari	Version 1.0.1
Apple Safari	Version 1.0.2
Apple Safari	Version 1.0.3
Apple Safari	Version 1.0.3 85.8.1
Apple Safari	Version 1.0.3 85.8
Apple Safari	Version 1.0
Apple Safari	Version 1.0 beta2
Apple Safari	Version 1.0 beta
Apple Safari	Version 1.1.0
Apple Safari	Version 1.1.1
Apple Safari	Version 1.1
Apple Safari	Version 1.2.0
Apple Safari	Version 1.2.1
Apple Safari	Version 1.2.2
Apple Safari	Version 1.2.3
Apple Safari	Version 1.2.4
Apple Safari	Version 1.2.5
Apple Safari	Version 1.2
Apple Safari	Version 1.3.0
Apple Safari	Version 1.3.1
Apple Safari	Version 1.3.2
Apple Safari	Version 1.3.2 312.5
Apple Safari	Version 1.3.2 312.6
Apple Safari	Version 1.3
Apple Safari	Version 2.0.0
Apple Safari	Version 2.0.1
Apple Safari	Version 2.0.2
Apple Safari	Version 2.0.3
Apple Safari	Version 2.0.3 417.8
Apple Safari	Version 2.0.3 417.9.2
Apple Safari	Version 2.0.3 417.9.3
Apple Safari	Version 2.0.3 417.9
Apple Safari	Version 2.0.4
Apple Safari	Version 2.0
Apple Safari	Version 2
Apple Safari	Version 3.0.0
Apple Safari	Version 3.0.0b
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.1b
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.2b
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.3b
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0.4b
Apple Safari	Version 3.0
Apple Safari	Version 3.1.0
Apple Safari	Version 3.1.0b
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.2.0
Apple Safari	Version 3.2.1
Apple Safari	Version 3.2.2
Apple Safari	Version 3
Apple Safari	Version 4.1.1
Apple Safari	Version 4.1.2
Apple Safari	Version 4.1
Apple Safari	Version 5.0.1
Apple Safari	Version 5.0.2
Apple Safari	Version 5.0

Configuration B

31 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 4.2
Apple Iphone Os	Version 1.0.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1
Apple Iphone Os	Version 2.0.2
Apple Iphone Os	Version 2.0
Apple Iphone Os	Version 2.1.1
Apple Iphone Os	Version 2.1
Apple Iphone Os	Version 2.2.1
Apple Iphone Os	Version 2.2
Apple Iphone Os	Version 3.0.1
Apple Iphone Os	Version 3.0
Apple Iphone Os	Version 3.1.2
Apple Iphone Os	Version 3.1.3
Apple Iphone Os	Version 3.1
Apple Iphone Os	Version 3.2.1
Apple Iphone Os	Version 3.2.2
Apple Iphone Os	Version 3.2
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0.2
Apple Iphone Os	Version 4.0
Apple Iphone Os	Version 4.1
Apple Webkit	All versions