Microsoft Edge for Android Information Disclosure Vulnerability
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Edge_chromium | Microsoft | * | 121.0.2277.83 (excluding) |
If a cross-domain policy file includes domains that should not be trusted, such as when using wildcards under a high-level domain, then the application could be attacked by these untrusted domains. In many cases, the attack can be launched without the victim even being aware of it.