Microsoft Edge document.domain Same Origin Policy Bypass (MS17-001: CVE-2017-0002)

A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted...

Microsoft Releases 4 Security Updates — Smallest Patch Tuesday Ever!

In Brief Microsoft has issued its first Patch Tuesday for 2017, and it's one of the smallest ever monthly patch releases for the company, with only four security updates to address vulnerabilities in its Windows operating system as well as Adobe Flash Player. Meanwhile, Adobe has also released...

CVE-2017-0002

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."...

CVE-2017-0002

Microsoft Edge: CVE-2017-0002 is a Same Origin Policy bypass in Edge involving about:blank and data: URLs. A remote attacker could entice a user to a malicious page to bypass origin checks and disclose information across domains, effectively elevating access within affected Edge versions. Multipl...