
Showing posts with label IE9. Show all posts

Sunday, December 16, 2012

bug 593 - IE leaks all your windows mouse movements

Issue: #593
Affects: IE6, IE7, IE8, IE9, IE10

Internet Explorer leaks all your mouse movements regardless of where in Windows they occur.

There's a lot of discussion about this bug at the moment as any browser bug that gives a website access to any information outside of the browser sandbox is considered a security bug.

In this case IE's classic legacy single global event model has an issue whereby the mouse movements in Windows are fully available to Internet Explorer even if they originate outside of the browser viewport, or even outside the browser chrome, even when IE doesn't have the active focus... even on a 2nd/3rd screen if you have a multiple screen desktop!

At the same time certain specific keystrokes are also leaked... the SHIFT, CTRL & ALT keys.

Full details of the bug specifics can be found over on the Spider.io blog: http://spider.io/blog/2012/12/internet-explorer-data-leakage/ and there is even a demo http://iedataleak.spider.io/demo

Microsoft has responded to this bug on their IE Blog ("IE Information leak and Security Issue"); however, they are not taking the issue very seriously... rather, they are trying to dispel the severity of the issue and imply that the bug report is only the result of an ad network that is fearing that this issue is affecting their competitive ability.

We'd really prefer if the politics of business stayed completely out of this discussion. The bug has been responsibly reported, largely ignored by Microsoft and then ultimately disclosed to the developer public when talks with Microsoft were not moving fast enough.

So let's get hypothetical: just what could one do with this info? Well, we can use JavaScript to determine the exact version of Internet Explorer, and we can also determine the desktop extents and browser window extents.

We can fairly accurately track movements to anywhere within the browser chrome to see if the user goes to click on the zoom controls or the JavaScript error icon in the bottom left...

We could capture events near the "Red X" of the browser window to block users from being able to easily close their browser... know when they are going to their address bar or search bar... the desktop taskbar/start button...

Any combo of ALT key followed by navigation to the top left portion of the IE chrome would indicate access to some part of the IE menu... followed by fairly precise movements would expose which menu options were accessed...

Can you think of other potential things that could be tracked? Let us know in the comments.

Meanwhile, let's hope that Microsoft really is taking this seriously now that it has gone public and that a priority patch for all versions of IE is available before Christmas.

Known Workarounds: None.

 
Related Issues: None.
Bug/Site Feedback | Submit a bug

Wednesday, November 17, 2010

bug 196 - IE9 fixes almost .setAttribute('type', value);

Issue: #196
Affects: IE9 PP4, IE9 Beta, IE9 Platform Preview 6

We're happy to say that IE9 has brought many, many improvements to Internet Explorer in terms of updating the IE engine to properly handle standards based code.

For a long time IE had issues with the Element.setAttribute(name, value); method, not supporting it on a wide array of elements (bug 242), of which the type attribute was a significant one (bug 237).

After IE9 Platform Preview 4 was released, we found that the .setAttribute('type', value); method had finally been fixed. We were hoping that the "new" bug, where the value is erased when switching an HTMLInputElement from type "password" to "text", would have been fixed 2 public releases later.

Unfortunately it is still broken and thus we're tracking this new issue separately here.

Example:

<input type="password" id="accessCode" name="accessCode" value="bfg10k"/>
<script type="text/javascript">
  function exposeCode(){
    var field = document.getElementById('accessCode');
    field.setAttribute('type', 'text');
    //Oopsie! the value is now gone in IE9!
  }
</script>
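
A check for the behaviour shown above, as an added example that is not part of the original post. `switchInputType`, `typeSwitchErasesValue` and `makeFakeInput` are hypothetical names, the fake input is constructed to model the reported erasure, and re-assigning the saved value is an assumption the page does not confirm for IE9.

```javascript
// Added example; the fake element below is constructed, not a real DOM node.

// Switch an input's type and report whether the engine kept its value.
// If the value was erased, re-assign the saved copy (assumption: the
// re-assignment sticks; the page does not confirm this for IE9).
function switchInputType(field, newType) {
  var saved = field.value;
  field.setAttribute('type', newType);
  var erased = field.value !== saved;
  if (erased) {
    field.value = saved;
  }
  return { erased: erased, restored: field.value === saved };
}

// Feature test: does a password -> text switch drop the value?
// createInput is injected so the check can run against a real document,
// e.g. function () { return document.createElement('input'); }, or a fake.
function typeSwitchErasesValue(createInput) {
  var probe = createInput();
  probe.setAttribute('type', 'password');
  probe.value = 'probe-value';
  probe.setAttribute('type', 'text');
  return probe.value !== 'probe-value';
}

// Constructed stand-in for an input element. When erasesOnTypeChange is
// true it models the behaviour reported in bug 196.
function makeFakeInput(erasesOnTypeChange) {
  var attrs = {};
  return {
    value: '',
    getAttribute: function (name) {
      return Object.prototype.hasOwnProperty.call(attrs, name) ? attrs[name] : null;
    },
    setAttribute: function (name, v) {
      if (name === 'type' && erasesOnTypeChange &&
          attrs.type === 'password' && v !== 'password') {
        this.value = ''; // value dropped on leaving type "password"
      }
      attrs[name] = String(v);
    }
  };
}
```
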


Known Workarounds: None.

Related Issues: None.


Thursday, June 24, 2010

bug 419 - fieldset legends broken again in IE9 PP3

Issue: #419
Affects: IE9 PP3, Opera 11
Fixed In: IE9 Platform Preview 6

Update: Opera's latest release (version 11) is also showing broken fieldset legends.

It appears that the latest IE9 Platform Preview #3 (PP3) has re-broken the fieldset element (bug 190), causing rendering glitches with the legend element.

Example:



Communication preferences:
Please use the following methods to contact me;
Email
ICQ
MSN Messenger
Yahoo! Messenger
Google Talk
Phone
Fax
Skype



As you can see (if you use IE9 PP3), the legend does not render correctly at all. The legend is not contained inline within the fieldset border. Hopefully this is just a bug in this third preview.



Known Workarounds: None.


Related Issues: (bug 190).
