PT-2017-14952 · Samsung · Samsung Internet Browser
Dhiraj Mishra · Published 2017-12-21 · Updated 2018-01-09 · CVE-2017-17692
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Samsung Internet Browser version 5.4.02.3
Description
The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. This is achieved by redirecting to a child tab and rewriting the innerHTML property.
Recommendations
For Samsung Internet Browser version 5.4.02.3, consider disabling JavaScript execution in child tabs as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related identifiers
Affected products
Samsung Internet Browser