CVE-2020-17153: Microsoft Edge for Android Spoofing Vulnerability

Overview

Severity: Medium (CVSS 4.3)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Category: Spoofing
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-Dec
Released: 2020-12-08
EPSS Score: 0.58% (percentile: 69.0%)

FAQ

How could an attacker exploit the vulnerability?
An attacker would have to convince a user to visit a malicious website, typically via an enticement in email or instant message, or by getting them to open an email attachment.

What is the attack vector for this vulnerability?
The attack vector is address bar spoofing. A malicious website could spoof the contents of a URL bar via a specially crafted HTML page's long URL and then use it for a phishing attack.

Affected Products (1)

Browser

  • Microsoft Edge for Android

Acknowledgments

  • Kirtikumar Anandrao Ramchandani (https://www.linkedin.com/in/kirtikumar-anandrao-ramchandani-ba949b153)

Revision History

  • 2020-12-08: Information published.