CVE-2017-0135
N/A
N/A
Summary
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft Corporation | Edge | Edge | affected |
Weaknesses
- Remote Code Execution
ADP Enrichment
CVE Program Container
Additional References
- https://www.freebuf.com/articles/web/164871.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135
- http://www.securitytracker.com/id/1038006
- https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
- http://www.securityfocus.com/bid/96656
References
- https://www.freebuf.com/articles/web/164871.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135
- http://www.securitytracker.com/id/1038006
- https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
- http://www.securityfocus.com/bid/96656
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.