Internet Explorer Bug Leaks What Users Type in the URL Address Bar

[LASER_oneXM]

Microsoft's Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar.

This includes new URLs where the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big issue.

The bug, spotted by security researcher Manuel Caballero, poses a privacy risk, as it could be used in reconnaissance operations in targeted attacks, but also for data harvesting by online advertisers.

Bug is easy to exploit
The bug occurs when IE loads a page with (1) a malicious HTML object tag and (2) features the compatibility meta tag in its source code. Both conditions are quite easy to meet.

Condition one: Attackers can hide malicious HTML object tags in hacked sites or load it via ads that allow advertisers to load custom HTML and/or JavaScript code.

Condition two: X-UA-Compatible is a document mode meta tag that allows web authors to choose what version of Internet Explorer the page should be rendered as. Almost all sites on the Internet have a compatibility meta tag.

 

[509322]

Believe it or not, but Internet Explorer still comprises over 10 % of the browser market.

 

[ForgottenSeer 58943]

Believe it or not, but Internet Explorer still comprises over 10 % of the browser market.

Incredible but true. We had a ticket sent in yesterday, some customer said IE was crashing but Chrome/Firefox/Edge work fine. I told her not to use IE, to pick anything else. She said 'But I will never give up IE'.

Idiots. Idiots everywhere.

 

[mlnevese]

My wife unfortunately needs it for her work. Some of my country government sites actually use activex

 

[LASER_oneXM]

i already stopped using IE in the 90's....

 

[frogboy]

I have not opened Internet Explorer for many years now, so no dramas here. To Me.

 

[Windows Defender Shill]

Incredible but true. We had a ticket sent in yesterday, some customer said IE was crashing but Chrome/Firefox/Edge work fine. I told her not to use IE, to pick anything else. She said 'But I will never give up IE'.

Idiots. Idiots everywhere.

Lol, IE is the only Internet on Windows many many people have ever experienced.

 

[insanity]

I don't use IE for my daily browsing since a long time (12+ years), when Firefox (and later, Chrome) became a thing. Now even Microsoft gave up on IE.

My wife unfortunately needs it for her work. Some of my country government sites actually use activex

I had that feeling until not so long ago, because some banks in my country used to demand us to install a browser plugin which in some cases only worked in IE. Sometimes you also have to install Java. Because of that, I only access their services through my mobile phone.

 

[mlnevese]

I never used it. One of my first browsers was Netscape. I don't remember what I used before.

 

[frogboy]

Lol, IE is the only Internet on Windows many many people have ever experienced.

Sad but true.

 

[Deletedmessiah]

I use it to download Opera, Chrome or IDM after fresh Windows install. That is all.

 

[plat1098]

Idiots. Idiots everywhere.

When I wins me the lottery and gets me a bigger NVMe, I will indulge in the "luxury" of a third party browser. For now, IE is the lesser of two evils use-wise--guess which one takes the cake?

I had some URL issue where it was displaying gibberish in the URL bar but not in the Bing search. After a clean Windows install, I haven't seen it...yet. :devil: Would not touch IE without an ad blocker/anti-exploit/keystroke encryption module--at the minimum. Hanging around here and at Wilders doesn't hurt, right?

 

[ForgottenSeer 58943]

I use it to download Opera, Chrome or IDM after fresh Windows install. That is all.

IE is the number one browser.

Used to download Chrome or Firefox.

 

[frogboy]

IE is the number one browser.

Used to download Chrome or Firefox.

I got adventurous and used Edge to download Waterfox, Vivaldi ( A work in progress ) and Firefox from Download Mozilla Firefox 56.0 RC 6 - MajorGeeks

 

[mlnevese]

I just remembered... before Netscape I used Mosaic... yes, I'm old

 

[Weebarra]

I never used it. One of my first browsers was Netscape. I don't remember what I used before.

I just remembered... before Netscape I used Mosaic... yes, I'm old

I have never even heard of any of these, my earliest was I.E 8/9 (i think) but i am only a noob really to computers and the wider world of the web, i was a late starter

 

[brambedkar59]

Believe it or not, but Internet Explorer still comprises over 10 % of the browser market.

Sad but true. Even some of the govt institutes are still using IE for their intranet applications.

 

[ForgottenSeer 58943]

Sad but true. Even some of the govt institutes are still using IE for their intranet applications.

You'd be surprised how many applications and services still require IE. It's disgusting some firms haven't updated their intranet apps and portals yet. We see fortune 500 firms requiring IE still for some of their vendor portals.

 

[Local Host]

I used IE up until Google Chrome was released, back then Firefox was extremely buggy and not worth the effort unless you were into all the Extensions thing, all I wanted was to navigate the Internet (and IE was extremely light and simple to use).

Currently I still use Google Chrome cause it's the only browser that works perfectly in all the websites I visit, Microsoft Edge, Mozilla Firefox and even Opera all have problems in at least one of the websites I frequently use.

 

[ForgottenSeer 58943]

I used IE up until Google Chrome was released, back then Firefox was extremely buggy and not worth the effort unless you were into all the Extensions thing, all I wanted was to navigate the Internet (and IE was extremely light and simple to use).

Currently I still use Google Chrome cause it's the only browser that works perfectly in all the websites I visit, Microsoft Edge, Mozilla Firefox and even Opera all have problems in at least one of the websites I frequently use.

The sad reality is, Chrome is really the only one that works 100% of the time on every website.

Every time I try a different browser the inevitable 'Honey, this website doesn't work.' comes from my wife. I get tired of that after a few days and go back to Chrome.
Just make sure to use command line switches on Chrome's icon BEFORE pinning it to task bar. After the command line switches are added - pin it. In my testing, these really improved your safety and privacy (Wireshark work).

--disable-background-networking --disable-component-extensions-with-background-pages --dns-prefetch-disable --no-pings --disable-logging