CVE-2017-0140
MEDIUMMicrosoft Edge - Security Feature Bypass via Same Origin Policy
Title source: llmDescription
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96653
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0140
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038006
Scores
CVSS v3
4.2
EPSS
0.1493
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
Status
published
Products (2)
microsoft/edge
Microsoft Corporation/Edge
Edge
Published
Mar 17, 2017
Tracked Since
Feb 18, 2026