CVE-2016-3198
published 2016-06-16CVE-2016-3198: Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security…
PriorityP344medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
32.48%
98.1th percentile
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc6.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3gm7-pcqj-26pm: Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Se
ghsa_unreviewed·2022-05-14
CVE-2016-3198 [MEDIUM] GHSA-3gm7-pcqj-26pm: Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Se
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability
vendor_msrc·2016-06-14·CVSS 6.5
CVE-2016-3198 [MEDIUM] Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.
To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network.
The security update addresses the bypass by correcting how the Edge CSP validates documents.
Microsoft Edge (HTML-based): Microsoft Edge (HTML-based)
Microsoft: Microsoft
Customer Action Required:
No detection rules found.
No public exploits indexed.
2016-06-16
Published