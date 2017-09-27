Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
Bug The Internet Communications Privacy Security Software

Internet Explorer Bug Leaks Whatever You Type In the Address Bar (arstechnica.com) 39

Posted by BeauHD from the not-so-private dept.
The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manual Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.

Internet Explorer Bug Leaks Whatever You Type In the Address Bar More | Reply

Internet Explorer Bug Leaks Whatever You Type In the Address Bar

Comments Filter:

  • Haven't Microsoft users switched to Edge by now?

    • There's still a lot of shit that works in IE but not in Edge...

    • Is this some question rooted in making sure future privacy leaks happen faster, in a more standards-compliant way, with a different web rendering engine, or some other technocratic detail that tries to obscure the underlying non-freedom problem?

      Since when would the non-free Edge browser be more trustworthy than the non-free Internet Explorer browser?

      The problem is the lack of software freedom; even users skilled and willing to help themselves and others fix the problem are not given permission to know what

      • Re: (Score:2)

        by AC-x ( 735297 )

        It's been over 25 years and FOSS hasn't solved the issue of computer security either; Open source browsers and OSs also require regular security patches.

  • Yet another feature of a major browser that doesn't work on Firefox. I hope this will get resolved when they release that unified search/address bar.

    • I dunno, I already have an integrated search/address bar. You can configure it that way in about:config.

      If you really want to be bug-compatible with IE on this one, surely there is an extension out by now for it? We can have whatever features we want, they don't have to all be good ones.

  • All the three IE users have been warned.

  • "New spoon has throws soup back into your face"
    "Cat sues owner for pooping in its litter box"
    "Internet Explorer leaks your address bar"

  • I tip my hat to the C64 background colours!

  • Let's address the elephant in the room (Score:5, Informative)

    by blind biker ( 1066130 ) on Thursday September 28, 2017 @12:36AM (#55267657) Journal

    More than two days of static Slashdot. Can't we have a headline about that shit?

  • But riddle me this... shouldn't Microsoft by now have developed some manner of understanding of how to write software, so that these things Don't Happen?

Slashdot Top Deals

Got Mole problems? Call Avogadro at 6.02 x 10^23.

Close