Slashdot Mirror


Internet Explorer Bug Leaks Whatever You Type In the Address Bar (arstechnica.com)

The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manuel Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however, can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.

  1. More of the same by lucm · · Score: 2

    Yet another feature of a major browser that doesn't work on Firefox. I hope this will get resolved when they release that unified search/address bar.

    --
    lucm, indeed.
  2. Re:Internet Explorer? by Zaelath · · Score: 2

    There's still a lot of shit that works in IE but not in Edge...

  3. Irrelevancies aside, SW non-freedom is the issue by jbn-o · · Score: 2

    Is this some question rooted in making sure future privacy leaks happen faster, in a more standards-compliant way, with a different web rendering engine, or some other technocratic detail that tries to obscure the underlying non-freedom problem?

    Since when would the non-free Edge browser be more trustworthy than the non-free Internet Explorer browser?

    The problem is the lack of software freedom; even users skilled and willing to help themselves and others fix the problem are not given permission to know what proprietary software does (whether intentionally or by mistake). So after years of people using Windows (a known security leaky proprietary OS written by an organization that partners with spies like the NSA) more problems arise with Microsoft Internet Explorer (an apparently security leaky proprietary browser). Proprietary software users must either switch to a free software OS and run free software on that, or wait for a proprietor they can't trust to issue a fix.

  4. Re:All browsers by omnichad · · Score: 4, Informative

    And so does whatever web site you were already on when you pressed enter. That's the difference. For some reason, they update the JavaScript location object before actually navigating.

  5. Let's address the elephant in the room by blind+biker · · Score: 5, Informative

    More than two days of static Slashdot. Can't we have a headline about that shit?

    --
    "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    1. Re:Let's address the elephant in the room by rastos1 · · Score: 2

      Yes, we can. Head to the firehose and vote it up.

  6. Are we no longer a community? by QuietLagoon · · Score: 3

    Mod up this parent. I mean, really, WTF. This is /. not some social media site. We care about the site. And now, all of a sudden, we are being kept in the dark....

    1. Re:Are we no longer a community? by bobstreo · · Score: 4, Informative

      As a longtime reader, I also would love to see a story explaining the downtime.

      There is an article describing the issues at:

      https://www.theregister.co.uk/...

      I don't know why they didn't bother putting out an article describing the issues. I was getting VERY tired of 503s...

    2. Re:Are we no longer a community? by deviated_prevert · · Score: 2

      Fried servers. Sounds like they were being hosted somewhere like in a cheap back room off the local Burger King and were having issues with overheating power supplies. LOL They say they are looking for a new service provider.

      SourceForge was acquired alongside its nerd news discussion board Slashdot by finance, business and technology service BizX in 2016. The duo of websites have suffered outages in the past: in 2015, "filesystem corruption" on the Slashdot Media storage platform took out SourceForge for days.

      "We recognize there have always been issues with SourceForge and Slashdot, both with our current provider and within the infrastructure," Abbott told us.

      "As a result we had already decided to fund a complete rebuild of hardware and infrastructure with a new provider. We have the hardware on hand and are at the final stages of negotiations with the new provider."

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
    3. Re:Are we no longer a community? by rastos1 · · Score: 3, Interesting

      If you care, head to the firehose and mod up the relevant entry.

  7. Re:Irrelevancies aside, SW non-freedom is the issu by AC-x · · Score: 2

    It's been over 25 years and FOSS hasn't solved the issue of computer security either; open source browsers and OSs also require regular security patches.

  8. Re: Irrelevancies aside, SW non-freedom is the iss by Aighearach · · Score: 5, Insightful

    The argument was never, "If you build it, they will all turn their eyes towards it checking for bugs."

    The idea is that if you know you have a bug, because you use the software, and there is only the programmer at some company that is even allowed to look at the code, then they might not fix it, and they might not even have time or interest to try. Hard problems are often going to receive (if you're lucky) a work-around unless you're paying extra to get it fixed. The same situation with free software, the worse the problem is the more people are looking at it, and the easier it is to solve.

    There was never anything about fixing bugs before you know about them because free software is magic. That part you made up yourself.

    OSS security isn't broken, it is powering most of the infrastructure. But that isn't in the news, because "trains ran on time, 700 days uptime" isn't news.

  9. Address bars are for addresses. by nuckfuts · · Score: 2

    I can't stand it when browsers try to turn what I type in the address bar into a search. First thing I do is turn that crap off. So whether it's Internet Explorer or not, the only thing "leaking" from my address bar is the address I typed.