You better stop using Internet Explorer for now

Martin Brinkmann
Jun 27, 2008
Updated • Apr 27, 2014
Security
|
20

A security vulnerability came to light recently that affects Internet Explorer 6, Internet Explorer 7 and even Internet Explorer 8 that can be exploited to record keystrokes users even when that user is loading different domains in the browser.

That means that a specifically prepared website can launch JavaScript code that records every user interaction once it has been launched including when the keyboard is being used which naturally means that username and password can be recorded as well by it.

Sounds scary? There is no fix for this vulnerability yet other than to disable JavaScript or allow it only on trusted domains. Some researchers claim that other browsers are affected as well but have failed to deliver proof for those claims yet. It would not hurt however to use the Firefox add-on No Script for instance.

If you need to use Microsoft's Internet Explorer, you may either limit JavaScript in the browser as explained above, or only visit websites that you trust for the time being.

The vulnerability can be tested on this page if you visit it with Internet Explorer. It opens a new window and records the user input on that domain. There is an explanation from the same researcher available in case you want to know more about it.

Update: Microsoft has fixed the vulnerability in the meantime, and if you make sure that Internet Explorer is up to date on your system you should not be in danger anymore in regards to the vulnerability.

You can check out our Internet Explorer download page for information about the latest version of the web browser for your operating system. Microsoft in recent years made the decision to limit Internet Explorer versions to specific operating systems. Windows XP users for instance can only download and install Internet Explorer 8, while Windows 7 users get access to IE9 and IE10.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Kailey said on February 16, 2012 at 10:10 am
    Reply

    I appreciate you taking to time to conitrbtue That’s very helpful.

  2. erwinus said on March 9, 2011 at 6:02 am
    Reply

    I want to say, stop developing for all versions of IE, stop supporting IE, stop making IE Hacks, when it looks differently in IE so be it.

    Put something like this on your site:
    http://www.flickr.com/photos/ieghostbuster/

    Let the user of your site know that IE is not the best browser on this planet.

    Greetz

  3. mark said on February 24, 2009 at 1:02 pm
    Reply

    This is all about the campaign to rid the WWW of Internet Explorer 6 that has devastated web developers and held back the evolution of everything that blocks the tubes for far too long. This can not go on any longer!

    BECOME A FRIEND AND SUPPORT THE INITIATIVE TO GET RID OF IE6.

  4. Gravity said on August 23, 2008 at 1:17 pm
    Reply

    hmm… well thats add to number of reasons on not using IE, i prefer Firefox.

  5. dwarf_toss said on August 17, 2008 at 2:57 pm
    Reply

    Used to absolutely blow my mind how the AV would light up like a christmas tree while surfing with IE on a newly formatted XP install.

    I would never, EVER use it for any type of online transaction of any kind. Strictly for the sites FF hates (can’t think of any).

  6. Ashraf said on July 29, 2008 at 12:01 pm
    Reply

    You better stop using Internet Explorer forever!

  7. rruben said on June 28, 2008 at 11:17 pm
    Reply

    This is shocking.. Can you imagine what can happen if you do financial stuff with explorer. I wouldn’t even think about the financial damage that can be caused with this leak if fallen in the wrong hands. This is definitely something that most be fixed overnight and the path most be updated automaticely without confirmation to be sure nobody would get harmed.

    Very painful for Microsoft … again (I hate to say it, but it’s true, again)

  8. GRTerrero said on June 28, 2008 at 4:21 pm
    Reply

    Well, it is impractical to ask people to stop using Internet Explorer. That browser accounts for the largest share of users on the planet and bloggers and website designers must test their sites on it to make sure that they see what their users see.

    It is more practical to advise people to ramp up their I.E. security settings and avoid questionable sites.

  9. darkkosmos said on June 27, 2008 at 5:22 pm
    Reply

    The number of firefox users who actually use noscript are tiny, the number of firefox users who have 3 or more addons are slightly more. And IE as a similar function..

  10. Dante said on June 27, 2008 at 4:52 pm
    Reply

    to “darkkosmos”: IE does not have NoScript. Firefox does. NoScript blocks execution of java scripts and flash at unknown sites until you give it the ok.

    to “David”: I would uninstall Safari if I were you. Read http://news.softpedia.com/news/Safari-Vulnerable-Apple-to-Issue-Fix-for-One-of-Three-Faults-85785.shtml

    Apple has a tendency to first sue the finder of a flaw. Than ignore said flaw. Than announce flaw is fixed after the product is discontinued and another product is put out in its place.

  11. David said on June 27, 2008 at 3:59 pm
    Reply

    I would recommend trying the KeyScrambler add-on for Internet Explorer. I haven’t tested the vulnerability in IE with KeyScrambler because I already switched to Safari and Firefox, but it is worth a try. The “Personal” version is completely free at:

    http://www.qfxsoftware.com/

    P.S. Make sure that you turn KeyScrambler off at Live Search Club.

  12. darkkosmos said on June 27, 2008 at 3:41 pm
    Reply

    So it affects any browser that allows javascript? Why stop using IE then..

  13. Dante said on June 27, 2008 at 3:09 pm
    Reply

    to “Steven”: “bloated”? “featureless”? Please expand on this. This should be interesting.

    But, just my opinion, anyone stupid enough to use their OS to log online and expose their OS to the outside world, deserves to be taken for every cent they have. Or do you consider IE not part of the Windows OS?

  14. Steven said on June 27, 2008 at 2:32 pm
    Reply

    Yes, stop using IE “for now.” After this vulnerability is resolved you can go back to your featureless, bloated and insecure monstrosity.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.