1.    27 Sep 2017 #1
    Join Date : Oct 2013
    Posts : 25,194
    64-bit Windows 10 Pro build 17040

    Internet Explorer revealing the content of the address bar


    Hello fellow bug hunter! Today we are going back to Internet Explorer which despite getting old, tons people still use it. I am much happier with MSRC lately, they are really moving forward regarding Edge, design bugs, and they even extended its bug bounty, which seems to be permanent now.

    All those are good news, but I still believe it is not acceptable to leave IE wide open. For example, right now all IE users can be turned into bots with the zombie script bug (which has been public and unpatched for months). If you don’t think it’s important, then imagine what black hats can do right now: they can stay in your browser even if you navigate to a different site, which gives them plenty of time to do ugly stuff like mining digital currencies while abusing of users CPUs. Also, IE has its popUp blocker is completely broken and nobody seem to care. Fine, but I think these things should be patched or at least set a big red warning to IE users when they open it, something like “We do not support this browser anymore, use Microsoft Edge“.

    In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, more honest to simply tell users that their older browser is not being serviced like Edge. Current browser stats, according to Netmarketshare show that IE is still more popular than Edge: 17% vs 6%.

    I firmly believe that IE should be treated like Edge in terms of security, otherwise get rid of it completely. Either way, let’s explore another bug on IE that allows attackers to know the address where the user is going. Mind reading? Nope, we know mind reading does not exist, but take a look and see how IE allows us attackers to do what appears to be magic...


    Read more: Revealing the content of the address bar (IE) Broken Browser
      My ComputersSystem Spec
  2.    01 Oct 2017 #2
    Join Date : Apr 2015
    Posts : 226
    10 Home 64-bit | v1709| Build -16299.19

    Bug in latest version of Internet Explorer...


    There's a bug in the latest version of Internet Explorer that leaks the addresses, search terms, or any other text typed into the address bar.
    The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter.
    https://arstechnica.com/information-...n-address-bar/

    Edge should be okay.
      My ComputersSystem Spec
  3.    02 Oct 2017 #3
    Join Date : Apr 2015
    Posts : 226
    10 Home 64-bit | v1709| Build -16299.19

    Thanks for the merge Shawn.
      My ComputersSystem Spec

 


Similar Threads
Thread Forum
Email to multiple recipients without revealing all addresses
I know that this can be done using BCC but there are a number of problems with that approach. One is the danger of one recipient using "reply all". Another is the fact that being among "undisclosed recipients" tends to raise suspicions that...
Browsers and Email
Change Explorer Address bar background and text
Hello!! Where I can replace color for address bar background and text? I show a pictures: Thiis is the address bar inactive: http://i.imgur.com/CMc8oEJ.png I love that but when I'm going to type:
Customization
What directories get added to the File Explorer address bar drop down?
There doesn't seem to be any rhyme or reason as to which directories get added to the file explorer address bar drop down. They are not the ones I have visited most recently, and they are not the ones I visit most frequently.
General Support
HELP disabling Windows Explorer Address Bar in Win10
Hi this may seem like a stupid question (I feel kind of stupid for asking it haha) but I need help DISABLING the address bar in windows explorer. I only need it to be temporary. The reason I need to disable the address bar is when I'm...
General Support
Solved Can't set my laptop wifi to static ip address! No internet access!
I recently changed my wifi network card to Intel Centrino 6235-N. I can only access internet if I choose dynamic ip address. If I set it to static then I only get limited access, the wifi icon has a yellow triangle. I've tried every possible...
Network and Sharing
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:34.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums