Vulnerability Description
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Edge | All versions |
References
- http://www.securityfocus.com/bid/96656
- http://www.securitytracker.com/id/1038006
- https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135PatchVendor Advisory
- https://www.freebuf.com/articles/web/164871.html
- http://www.securityfocus.com/bid/96656
- http://www.securitytracker.com/id/1038006
- https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135PatchVendor Advisory
- https://www.freebuf.com/articles/web/164871.html
FAQ
What is CVE-2017-0135?
CVE-2017-0135 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is di...
How severe is CVE-2017-0135?
CVE-2017-0135 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0135?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Edge.