Cross-Origin bugs in IE and Edge allow bypassing SOP in both browsers.
0-days released by James Lee @Windowsrcer
busterb at August 21, 2019 4:31pm UTC reported:
A SOP bug requires the attacker to inject a resource into one domain, and be listening on another. Such a vulnerability would need to be combined with a web application vulnerability like XSS, and would be less useful from a standalone PoV as something like a Metasploit module. But with the right target audience and web application, this is a nice primitive.
Assessed Attacker Value: 3
Assessed Attacker Value: 4