
Showing posts from December, 2018

Content Spoofing Vulnerability in Edge Browser

Hello Everyone,

Recently, I found an address bar spoofing vulnerability in the Edge browser. The issue has been addressed and fixed in the latest version of the Edge browser [CVE-2018-8383].

After that, I found another bug in Edge Browser which is still unfixed.


I reported this bug to the Microsoft security team, but they replied that the report doesn't meet the bar.
So, I don't excuse or create a follow-up anymore.

I'm disclosing the bug here.

Previously, I found a simple bug: the Edge browser loads the domain in the address bar first and then redirects. So it is possible to hold the redirect by giving a port etc., which resulted in an address bar spoofing vulnerability.


Next, I found that the Edge browser loads our dialog box first while, in the background, Edge loads the site quickly, resulting in a content spoofing vulnerability.

Content spoofing is a subcategory of “Address Bar Spoofing” attacks. The issue occurs when you are able to spoof dialog boxes or a portion of the content. Though it is a low-risk vulnerability, it c…