CVE-2017-0066

MEDIUM

Microsoft Edge - CSRF

Title source: llm

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96655

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038006

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066

Scores

CVSS v3 4.2

EPSS 0.2576

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Classification

Status published

Affected Products (2)

microsoft/edge

Microsoft Corporation/Edge < Edge

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026