A type confusion bug in Microsoft Edge and Internet Explorer remains unpatched as Microsoft doesn’t consider it a security vulnerability, Cybellum reveals.
The issue was reported to Microsoft on August 21, 2017. The researchers say that while Microsoft has confirmed the vulnerability, the company decided against releasing a patch because of the special conditions required to reproduce it. Specifically, reproducing it requires the developer tools to be opened.
Affecting the latest versions of x86 Edge and x86/x64 Internet Explorer, the vulnerability occurs in the layout rendering engine (EdgeHTML & MSHTML), and the security researchers claim that, with some additional work, it would be possible to reproduce the crash without the developer tools.
Source: Infosec Island