Zero-Day in Microsoft Edge and IE browser

  • CERT Admin
  • Wed Apr 03 2019
  • Alerts

Systems Affected 

Microsoft Edge and Internet Explorer browser

Threat Level



Allow a remote attacker to steal sensitive user information using same‐origin policy.


There are two 'unpatched' zero-day vulnerabilities which affects the latest Microsoft Internet Explorer and another the latest Edge Browser. Which will allows an attacker to bypass same-origin policy on victim's browser.Same Origin Policy ‐ This is a security feature implemented in modern browsers that restrict a web page or a script loaded from one origin to interact with a resource from another origin, preventing unrelated sites from interfering with each other.

One example attack would be Universal Cross-site scripting. 


  ✦  Stealing victim's sensitive data (login sessions and cookies)

Solution/ Workarounds 

  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.



The information provided herein is on "as is" basis, without warranty of any kind.

Last updated: Wed Apr 03 2019