Internet Explorer bug leaks whatever you type in the Address Bar

[AlTech]

IE has a bug where whatever you type into the address bar is leaked.

 

 

The flaw has been discovered and will probably be fixed in the upcoming October Cumulative Update for Windows 10 and as a Cumulative Update for Windows 8.1. No idea about Windows 7 though since that doesn't come with IE11 as Standard as of Service Pack 1.

 

Quote

There's a bug in the latest version of Internet Explorer that leaks the addresses, search terms, or any other text typed into the address bar.

The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services.

 

And Microsoft has reacted to the situation:

Quote

Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule

 

My grandma is running IE11. I tried to get her to use Edge but she wouldn't listen...... Hopefully she'll move to Chrome or Firefox cos of all the nonsense with security issues.

 

Anyhow, this isn't the first and won't be the last IE11 Vulnerability. If you are an IE11 diehard user then you'll need to find a different browser .

 

Source:

https://arstechnica.co.uk/information-technology/2017/09/bug-in-fully-patched-internet-explorer-leaks-text-in-address-bar/

 

[AlTech]

Can we agree that businesses like HSBC and hospitals need to move away from IE6 and IE11 to a real browser for secure things? Pretty please?

[dfsdfgfkjsefoiqzemnd]

5 minutes ago, AluminiumTech said:

Can we agree that businesses like HSBC and hospitals need to move away from IE6 and IE11 to a real browser for secure things? Pretty please?

But ... but ... but everyone uses Internet Explorer!  It's the standard upon which the web is built!  You really want people to use a non-standard browser for important stuff such as banking? 

[AlTech]

1 minute ago, Captain Chaos said:

But ... but ... but everyone uses Internet Explorer!  It's the standard upon which the web is built!  You really want people to use a non-standard browser for important stuff such as banking? 

IE is as much of a Standard as FireFox or Chrome imho. We need to convince companies to stop important transactions happening through IE.

[dfsdfgfkjsefoiqzemnd]

We need to stop anything happening through IE.  The only thing IE ever was good for was to install Windows Updates on XP and to download a real browser. 

[ScratchCat]

Just now, Captain Chaos said:

We need to stop anything happening through IE.  The only thing IE ever was good for was to install Windows Updates on XP and to download a real browser. 

On windows 8.1 touch it was the best browser due to a metro interface until Firefox managed to get the virtual keyboard working properly on the desktop.

[GoodBytes]

10 minutes ago, Captain Chaos said:

We need to stop anything happening through IE.  The only thing IE ever was good for was to install Windows Updates on XP and to download a real browser. 

Oh god no.. not even. What a disaster that was.. even downloading another web browser.

[Drak3]

1 minute ago, L.Lawliet said:

What is IE?

Internet Explorer. An older browser family that has a bad reputation even though few releases were actually bad for thier time.

[Dabombinable]

Considering on even my Windows 98SE desktops I get out my 2001 PC World disc and install Opera off it since IE crashes a lot with HTML documents and websites in general.

[NumLock21]

Saw that article a few days ago. Was hoping someone would make a topic on it, so it can go on the wan show. No one did... 

[DeScruff]

3 hours ago, AluminiumTech said:

My grandma is running IE11. I tried to get her to use Edge but she wouldn't listen...... Hopefully she'll move to Chrome or Firefox cos of all the nonsense with security issues.

 

Hey put her on FF57 and customize it to look like IE (you can make it look a lot like IE now ty square tabs) and set the homepage to whatever IE defaults as.

Then change the icon to the explorer icon

[AlTech]

Just now, Sypran said:

Hey put her on FF57 and customize it to look like IE (you can make it look a lot like IE now ty square tabs) and set the homepage to whatever IE defaults as.

Then change the icon to the explorer icon

No. I'm not that kind of person.

[AlTech]

12 minutes ago, NumLock21 said:

Saw that article a few days ago. Was hoping someone would make a topic on it, so it can go on the wan show. No one did... 

I only saw it today. had I seen it earlier I would have made an article earlier.

[Jito463]

9 hours ago, L.Lawliet said:

What is IE?

Internet Exploder.

[TrigrH]

9 hours ago, L.Lawliet said:

What is IE?

infinity edge

[captain_to_fire]

16 hours ago, AluminiumTech said:

Can we agree that businesses like HSBC and hospitals need to move away from IE6 and IE11 to a real browser for secure things? Pretty please?

I remember logging in to our social security services few years ago and it asked me to use Internet Explorer. Good thing the three banks I bank with doesn’t give a damn on what browser I used and they’ve replaced Flash animations to modern web standards back in 2011. 

[AlTech]

3 hours ago, hey_yo_ said:

I remember logging in to our social security services few years ago and it asked me to use Internet Explorer. Good thing the three banks I bank with doesn’t give a damn on what browser I used and they’ve replaced Flash animations to modern web standards back in 2011. 

No no. I'm talking about how HSBC uses IE11 to access customer data and setup stuff.

 

I'm not saying they're forcing anybody to use it. I'm saying they're using it to access important data.

[Princess Luna]

I'm sorry if I sound terrible noob as for right now but... provided you don't bing search your credit card information or your passwords, breaching the keywords the user was trying to search doesn't exactly seem that much of a harmful security issue?

[Drak3]

5 minutes ago, Princess Cadence said:

I'm sorry if I sound terrible noob as for right now but... provided you don't bing search your credit card information or your passwords, breaching the keywords the user was trying to search doesn't exactly seem that much of a harmful security issue?

For the few everyday users that aren't naive about safe browsing, it isn't an issue. For companies that use IE for internal database access, it's a real threat.

[mynameisjuan]

23 minutes ago, Princess Cadence said:

I'm sorry if I sound terrible noob as for right now but... provided you don't bing search your credit card information or your passwords, breaching the keywords the user was trying to search doesn't exactly seem that much of a harmful security issue?

The problem I see if causing is the sites that contain your account number or any specific information in the URL. Overall its not that big of an issue but in specific cases it can cause a problem.

[vanished]

22 hours ago, AluminiumTech said:

IE is as much of a Standard as FireFox or Chrome imho. We need to convince companies to stop important transactions happening through IE.

 

22 hours ago, Captain Chaos said:

But ... but ... but everyone uses Internet Explorer!  It's the standard upon which the web is built!  You really want people to use a non-standard browser for important stuff such as banking? 

It is anything but a standard.  Pretty much any other browser implements modern web standards better than it.  Just ask any web dev

 

---

 

I remember webpages doing this for ages, and I don't recall in what browser but I think in things besides IE... you would search google and then go to one of the links and it would be another search based on your terms.