An Interest In:
Web News this Week
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
September 9, 2017 12:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SbBcb4E_X30/apple-and-google-fix-browser-bug-microsoft-does-not
Apple and Google Fix Browser Bug. Microsoft Does Not.
Catalin Cimpanu, reporting for BleepingComputer: Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively. According to Cisco Talos researcher Nicolai Grodum, the vulnerability can be classified as a bypass of the Content Security Policy (CSP), a mechanism that allows website developers to configure HTTP headers and instruct the browsers of people visiting their site what resources (JavaScript, CSS) they can load and from where. The Content Security Policy (CSP) is one of the tools that browsers use to enforce Same-Origin Policy (SOP) inside browsers. Grodum says that he found a way to bypass CSP -- technical details available here -- that will allow an attacker to load malicious JavaScript code on a remote site and carry out intrusive operations such as collecting information from users' cookies, or logging keystrokes inside the page's forms, and others.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SbBcb4E_X30/apple-and-google-fix-browser-bug-microsoft-does-not
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot