Internet Explorer bug: How does it expose address bar info?



Q

Manage
Learn to apply best practices and optimize your operations.

A bug in Microsoft’s Internet Explorer update exposes information that users enter into the browser’s address bar. Learn more about the bug and URL tracking with Nick Lewis.



A bug in the latest version of Microsoft’s Internet Explorer can expose all the information entered in the address…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

bar and enable a threat actor to view it. How does this work? How serious is this Internet Explorer bug, and should enterprises consider restricting use of the browser?

Internet Explorer has been replaced by Microsoft with its new Edge browser, in part to improve the state of web browser security for their customers. Given that Internet Explorer was installed by default on Windows, it’s going to take a long time for the browser to be fully retired, as people often only install new software when they get a new system.

Deciding how long to support existing systems is part of the ongoing support challenge for Microsoft and other software vendors. IE had some unexpected functionality identified by a security researcher; an Internet Explorer bug enabled a malicious website to read the text typed into the address bar, a type of URL tracking. The unexpected functionality works because the text in the address bar is stored in an HTTP environment variable, such as location.href, which the webpage can access, store or use at any point.

The Internet Explorer bug has shed new light on an existing concern. Even though the browser has been around for over 20 years, most users do not know that when a web browser goes to a new webpage, the URL in the HTTP referrer field is tracked by web servers. This enables a website to track where visitors are coming from to get to their webpage, which could have privacy implications.

Getting data from the address bar, auto-complete and other web browser functionality create similar privacy concerns; however, these reasons are not sufficient to restrict the use of Internet Explorer or any other web browser.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Dig Deeper on Web browser security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever’s puzzling you.

Leave a Reply

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.