Systems Affected
Microsoft Edge and Internet Explorer browser
Threat Level
Overview
Allow a remote attacker to steal sensitive user information using same‐origin policy.
Description
There are two 'unpatched' zero-day vulnerabilities which affects the latest Microsoft Internet Explorer and another the latest Edge Browser. Which will allows an attacker to bypass same-origin policy on victim's browser.
Same Origin Policy ‐ This is a security feature implemented in modern browsers that restrict a web page or a script loaded from one origin to interact with a resource from another origin, preventing unrelated sites from interfering with each other.
One example attack would be Universal Cross-site scripting.
Impact
✦ Stealing victim's sensitive data (login sessions and cookies)
Solution/ Workarounds
✻ Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.
References
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|