FortiClient VulnerabilityInternet Explorer CVE-2016-3353 Security Feature Bypass Vulnerability
Description
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS). In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Internet Explorer handles mixed content.
Affected Applications
Internet Explorer 9
Internet Explorer 11
Internet Explorer 10
CVE References
CVE-2016-3353Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-3353| ID | 56002 |
| Created | Dec 11, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Internet Explorer 9 , Internet Explorer 11 , Internet Explorer 10 |