QwikSec

Security Database

CVE

CWE

Training

CVE-2017-0135

Published: Mar 17, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

Vendor	Product	Versions
Microsoft Corporation	Edge	affected `Edge`

References

https://www.freebuf.com/articles/web/164871.html

x_refsource_MISC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.