Slashdot Mirror


Internet Explorer Bug Leaks Whatever You Type In the Address Bar (arstechnica.com)

The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manuel Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however, can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.

3 of 99 comments

  1. Re:All browsers by omnichad · Score: 4, Informative

    And so does whatever web site you were already on when you pressed enter. That's the difference. For some reason, they update the JavaScript location object before actually navigating.

  2. Let's address the elephant in the room by blind+biker · Score: 5, Informative

    More than two days of static Slashdot. Can't we have a headline about that shit?

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
  3. Re:Are we no longer a community? by bobstreo · Score: 4, Informative

    As a longtime reader, I also would love to see a story explaining the downtime.

    There is an article describing the issues at:

    https://www.theregister.co.uk/...

    I don't know why they didn't bother putting out an article describing the issues. I was getting VERY tired of 503s...