CVE-2011-0166

Severity

57%

Complexity

86%

Confidentiality

81%

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

Apple

First reported 13 years ago

2011-03-11 22:55:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

Apple Safari 1.0

1.0

Apple Safari 1.0 Beta

1.0

Apple Safari 1.0 Beta2

1.0

Apple Safari 1.0.0

1.0.0

Apple Safari 1.0.0b1

1.0.0b1

Apple Safari 1.0.0b2

1.0.0b2

Apple Safari 1.0.1

1.0.1

Apple Safari 1.0.2

1.0.2

Apple Safari 1.0.3

1.0.3

Apple Safari 1.0.3 85.8

1.0.3

Apple Safari 1.0.3 85.8.1

1.0.3

Apple Safari 1.1

1.1

Apple Safari 1.1.0

1.1.0

Apple Safari 1.1.1

1.1.1

Apple Safari 1.2

1.2

Apple Safari 1.2.0

1.2.0

Apple Safari 1.2.1

1.2.1

Apple Safari 1.2.2

1.2.2

Apple Safari 1.2.3

1.2.3

Apple Safari 1.2.4

1.2.4

Apple Safari 1.2.5

1.2.5

Apple Safari 1.3

1.3

Apple Safari 1.3.0

1.3.0

Apple Safari 1.3.1

1.3.1

Apple Safari 1.3.2

1.3.2

Apple Safari 1.3.2 312.5

1.3.2

Apple Safari 1.3.2 312.6

1.3.2

Apple Safari 2

2

Apple Safari 2.0

2.0

Apple Safari 2.0.0

2.0.0

Apple Safari 2.0.1

2.0.1

Apple Safari 2.0.2

2.0.2

Apple Safari 2.0.3

2.0.3

Apple Safari 2.0.3 417.8

2.0.3

Apple Safari 2.0.3 417.9

2.0.3

Apple Safari 2.0.3 417.9.2

2.0.3

Apple Safari 2.0.3 417.9.3

2.0.3

Apple Safari 2.0.4

2.0.4

Apple Safari 3

3

Apple Safari 3.0

3.0

Apple Safari 3.0.0

3.0.0

Apple Safari 3.0.0b

3.0.0b

Apple Safari 3.0.1

3.0.1

Apple Safari 3.0.1b

3.0.1b

Apple Safari 3.0.2

3.0.2

Apple Safari 3.0.2b

3.0.2b

Apple Safari 3.0.3

3.0.3

Apple Safari 3.0.3b

3.0.3b

Apple Safari 3.0.4

3.0.4

Apple Safari 3.0.4b

3.0.4b

Apple Safari 3.1.0

3.1.0

Apple Safari 3.1.0b

3.1.0b

Apple Safari 3.1.1

3.1.1

Apple Safari 3.1.2

3.1.2

Apple Safari 3.2.0

3.2.0

Apple Safari 3.2.1

3.2.1

Apple Safari 3.2.2

3.2.2

Apple Safari 4.1

4.1

Apple Safari 4.1.1

4.1.1

Apple Safari 4.1.2

4.1.2

Apple Safari 5.0

5.0

Apple Safari 5.0.1

5.0.1

Apple Safari 5.0.2

5.0.2

Apple Safari

Apple WebKit

References

APPLE-SA-2011-03-09-2

Vendor Advisory

APPLE-SA-2011-10-12-1

http://support.apple.com/kb/HT4566

Vendor Advisory

http://support.apple.com/kb/HT4999

46811

1025183

apple-safari-html5-info-disclosure(66004)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.