CVE-2011-0166 — Apple Safari vulnerability

CWE-2643 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.4%

top 36.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 11

Latest updateMay 17

Description

The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDapple/safari5.0.3+53

🔴Vulnerability Details

GHSA

GHSA-vh6c-5xwq-r5vw: The HTML5 drag and drop functionality in WebKit in Apple Safari before 5↗2022-05-17

▶

OSV

CVE-2011-0166: The HTML5 drag and drop functionality in WebKit in Apple Safari before 5↗2011-03-11

▶