CVE-2017-0066 — Corporation Edge vulnerability

17 documents6 sources

Severity

4.2MEDIUMNVD

EPSS

25.8%

top 3.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Edge

Timeline

PublishedMar 17

Latest updateMay 13

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages1 packages

▶CVEListV5microsoft_corporation/edgeEdge

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-34f8-28cp-wmcg: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Featu↗2022-05-13

▶

GHSA

GHSA-2j8f-8h4h-8pf6: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Featu↗2022-05-13

▶

GHSA

GHSA-wfvm-rr2h-xq48: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Featu↗2022-05-13

▶

CVEList

CVE-2017-0135: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Featu↗2017-03-17

▶

CVEList

CVE-2017-0140: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Featu↗2017-03-17

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Security Feature Bypass Vulnerability↗2017-03-14

▶