CVE-2024-38208: 
NixOS vulnerability analysis and mitigation

Microsoft Edge for Android contains a spoofing vulnerability identified as CVE-2024-38208. The vulnerability was initially recorded on June 11, 2024, and affects Microsoft Edge for Android versions prior to 128.0.2739.42 (NVD, ASEC).

The vulnerability has been classified as CWE-79, which refers to 'Improper Neutralization of Input During Web Page Generation' (Cross-site Scripting). Microsoft has assigned this vulnerability a CVSS v3.1 base score of 6.1 (MEDIUM), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, user interaction required, and potential for low confidentiality and integrity impact (NVD).

The vulnerability could potentially lead to spoofing attacks on Microsoft Edge for Android users. The CVSS scoring indicates that successful exploitation could result in low impact on both confidentiality and integrity, with no impact on availability (NVD).

Microsoft has released a security update to address this vulnerability. Users are advised to update to Microsoft Edge for Android version 128.0.6613.84/.85 (Chromium-based) or later (ASEC).