Intrusion Prevention



This indicates an attack attempt to exploit a Cross Context Scripting vulnerability in Maxthon3.
The vulnerability is due to a design error in the application when handling cross domain access to the "History" object. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary script code within the context of the targeted user.

Affected Products

Maxthon and earlier versions


System Compromise: Remote attackers can execute arbitrary script code in the context of the privileged browser zone.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.