Internet Explorer is a web browser from Microsoft. It is the default web browser in Microsoft Windows.
Internet Explorer is a web browser from Microsoft. It is the default web browser in Microsoft Windows.
Questions tagged [internet-explorer]
60 questions
50
votes
7 answers
Is the option to jump to blanks in password fields a security risk?
Using Ctrl + ← / →, it's a common behavior across different operating systems to jump from word to word (or from blank to blank) in text input fields.
Now I've discovered that this also applies on password fields in Internet Explorer 8 and 11 (I…
stuXnet
- 669
- 5
- 11
35
votes
5 answers
Why can't Windows 98/IE5 connect to HTTPS sites in 2015?
Recently I found an old installation CD for Windows 98 Second Edition, and looking for a bit of a nostalgia kick, I installed it inside VirtualBox. Win98SE shipped with IE 5.0, and browsing the web with that browser was as broken an experience as…
smitelli
- 2,035
- 3
- 15
- 19
32
votes
2 answers
Smart-Screen filter still complains, despite I signed the executable, why?
First and foremost, this is my very first experience with Code Signing.
I bought Standard Code Signing from Certum for 3 years.
I intend to publish applications in Czech republic mostly.
But to the point, on Windows 10, when I download the signed…
LinuxSecurityFreak
- 1,562
- 2
- 18
- 32
26
votes
4 answers
How can a web application protect users when the browser doesn't support HSTS?
HTTP Strict Transport Security (HSTS) is a very useful feature at preventing OWASP a9 violations and attacks like SSLStrip which try and prevent the client from making a secure connection. This technology however isn't in older versions of web…
rook
- 46,916
- 10
- 92
- 181
18
votes
2 answers
Is there an SSL / TLS Certificate state-cache on Windows, IE, and Outlook and how it it managed?
Today I changed the SSL certificate that 3,000+ Outlook clients are using. In doing this I changed the certificate to an "older" one that had the same subject name, expiration and everything else. Only the thumbprint and one SAN name changed. …
makerofthings7
- 50,090
- 54
- 250
- 536
13
votes
2 answers
How does Internet Explorer know what text files I have viewed?
I am using Windows 8.1 and Internet Explorer 11. Each time I use File Explorer to view a .txt file the history of Internet Explorer shows that I viewed that file in pages visited on this PC.
Is this a known feature?
How can Internet Explorer know…
user2174870
- 1,378
- 2
- 11
- 13
11
votes
1 answer
Why does IE11 refuse to enable back navigation caching for HTTPS?
On my website, I get this error message in the console:
DOM7011: The code on this page disabled back and forward caching. For more information, see: http://go.microsoft.com/fwlink/?LinkID=291337
That link includes a list of conditions a web site…
Flimm
- 1,230
- 3
- 13
- 22
10
votes
3 answers
Do I have to harden IE if I'm only using Firefox?
Assume a Windows 7 system (probably whatever home version comes with the machine), with the latest OS patches, latest IE and latest Firefox. Also assume that the user uses only Firefox for browsing, never IE, and that uninstalling IE is impossible…
bstpierre
- 4,868
- 1
- 21
- 34
8
votes
1 answer
Does Microsoft Edge (Spartan) share Cookies, Cache, Passwords, or TLS Certificates with Internet Explorer?
Windows 10 was released with a new browser called Microsoft Edge. Interestingly, Internet Explorer is also installed on the same default install. Given that Chrome and Firefox tend to separate their cache, or even root certificate handling from…
makerofthings7
- 50,090
- 54
- 250
- 536
8
votes
2 answers
Will disabling the Java add-on in IE protect you from Java exploits?
Concerning the recent Java vulnerability (Should I be disabling Java?), the most common advise seems to be to disable Java plug-ins in the browser.
However, Heise Security suggests that, when it comes to Internet Explorer, this might not be…
Heinzi
- 2,914
- 2
- 21
- 25
7
votes
1 answer
Are HTML Components (HTC) files a potential attack vector?
I'm working on a site that has a higher-than-normal concern for user security. I've recently been working on some CSS issues with older versions of IE (we support 7 and higher) and found that an easy solution to some of them would be the use of HTML…
Katana314
- 193
- 5
7
votes
3 answers
How can I detect (or inventory) all DLLs that don't use ASLR?
Based on this IE zero day, I'm interested in listing all DLLs in our systems that have been compiled to not work with ASLR.
Ideally, I'd like to analyze a static file and not load it into memory to detect if it's compiled without ASLR…
makerofthings7
- 50,090
- 54
- 250
- 536
7
votes
1 answer
What's the alternative of content security policy (CSP) header in Internet Explorer IE?
As mentioned in the Content Security Policy documentation & from the "supported browsers" page on the CSP site, CSP is not supported in Internet Explorer.
So, if we want to support CSP in our application with all the supported browsers which…
Abhishek Sharma M
- 117
- 2
- 6
7
votes
1 answer
Are Heap addresses randomized by ASLR?
I have been reading this article about an Internet Explorer exploit and I am a little confused about why the memory addresses effected by the heap-spray "work".
The paper states that the attack uses a heap-spray to spray ~320MB worth of…
MikeTGW
- 173
- 5
5
votes
2 answers
Zero-Day Exploit targeting Internet Explorer Versions 9 through 11
Few days ago, FireEye has found a vulnerability, which affects all versions of IE (even the latest 11). Microsoft has official statement regarding this issue.
FireEye wrote a technical article on their blog which explains details:
The exploit…
Salvador Dali
- 1,745
- 1
- 19
- 32