Same Origin Policy Bypass in Samsung Internet Browser
CVE-2017-17859
6.1 MEDIUM
Summary
Samsung Internet Browser version 6.2.01.12 contains a vulnerability that allows remote attackers to bypass the Same Origin Policy. This can lead to Universal Cross-Site Scripting (UXSS) attacks, enabling attackers to access sensitive information by exploiting IFRAME elements embedded within XSLT data in MHTML files. The affected JavaScript code's document.domain value does not correspond to the domain hosting the MHTML file; instead it corresponds to an arbitrary URL present in the MHTML content, which allows malicious scripts to execute without the restrictions the Same Origin Policy would otherwise impose.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved