Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
Microsoft Edge permite a atacantes remotos eludir la Same Origin Policy para elementos HTML en otros navegadores de windows, vulnerabilidad tambiƩn conocida como "Microsoft Edge Security Feature Bypass Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0066 y CVE-2017-0135.
It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).
