CVE-2017-0066
MEDIUMMicrosoft Edge - Same Origin Policy Bypass for HTML Elements
Title source: llmDescription
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038006
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96655
Scores
CVSS v3
4.2
EPSS
0.2384
EPSS Percentile
96.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
Status
published
Products (2)
microsoft/edge
Microsoft Corporation/Edge
Edge
Published
Mar 17, 2017
Tracked Since
Feb 18, 2026