'The latest version of Internet Explorer has a bug that leaks the
addresses, search terms, or any other text typed into the address bar.
The flaw was disclosed Tuesday by security researcher Manual
Caballero. Ars Technica reports:
The bug allows any currently visited website to view any text entered
into the address bar as soon as the user hits enter. The technique can
expose sensitive information a user didn't intend to be viewed by
remote websites, including the Web address the user is about to visit.
The hack can also expose search queries, since IE allows them to be
typed into the address bar and then retrieved from Bing or other
search services. The proof-of-concept makes it transparent that the
attacking website is viewing the entered text. The hack, however can
easily be modified to make the information theft completely stealthy.
A proof-of-concept site shows the exploit in action.'
-- source: https://tech.slashdot.org/story/17/09/28/0245228
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174