Microsoft Browser Information Disclosure Vulnerability

ID MS:CVE-2016-3273
Type mscve
Reporter Microsoft
Modified 2016-07-12T07:00:00


An information disclosure vulnerability exists when the Microsoft Browser XSS Filter does not properly validate content under specific conditions. An attacker who exploited the vulnerability could run arbitrary JavaScript, which could lead to information disclosure.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by correcting how the Microsoft Browser XSS Filter validates content.