Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MS-EDGE-SOP-BYPASS |
|---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Edge document.domain Same Origin Policy Bypass |
Release Date |
2017/02/08 |
Update Number |
2828 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Edge document.domain Same Origin Policy Bypass
A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web-page. Successful exploitation of this vulnerability would allow an attacker to bypass the same origin policy and disclose sensitive information.
Extended Description
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
Affected Products
- Microsoft edge *
References
- BugTraq: 95284
- CVE: CVE-2017-0002