Don't Hit That Back Button

Saint Aardvark writes: "From the Bugtraq mailing list comes this warning: 'Using the Back Button in IE is dangerous'. When hitting the back button, javascript links will be executed in the security zone of the last url viewed. Proof-of-concept included in the warning will execute minesweeper or read your Google cookies."

In other news

[Anonymous Coward]

Don't hit that 'REPLY' button. It may post a goatse link!!!

This doesn't worry me.

[Anonymous Coward]

I don't have anything special in my Google cookies and I like to play minesweeper.

Re:Using Linux considered harmful

[Anonymous Coward]

Linux advocacy on IRC, in a nutshell:

Q: Internet Explorer has a lot of security bugs. What do I do?

A: Install Mozilla.

Q: Windows has a lot of security bugs. What do I do?

A: Install Linux.

Q: Somebody cracked into my default installation of Red Hat 6.2. What do I do?

A: Didn't you RTFM? Everybody knows that you have to keep patching the system to keep people out of it! Why don't you go to Windows, dumbass?

Unfair to release the advisory before fix...

[NoMoreNicksLeft]

If they had waited til tomorrow, they'd have known about M$'s fix for this dangerous security hole. SP3 for IE6 patches it up fine though. That's right, when you mouseover the back button, a popup text alerts you that it might be dangerous (that M$ can't be held responsible for damages resulting from its use?). Also, the "Safe Back Button" is now next to it, but to get it out the door in time, they've had to rush. Yes folks, it uses the exact same codebase as the back button, and no, I don't see that as a problem. Besides, if it is, they'll fix it with SP4, and the "Really Safe Back Button". Right along side the other two, for backward compatibility.

Back buttons

[56ker]

" 'Using the Back Button in IE is dangerous'." - since when was using anything in IE safe? ;o)

Re:Test it out if you have IE

[Tjp($)pjT]

I guess IE on the Mac works better. No such problems there.

Re:Test it out if you have IE

[magicslax]

Same with ie on wine. When I pressed back it just gave me a segfault....much better. :-) truth.

by the way, the 'please close all aplications and restart your computer' error window really cracks me up when the app was run under wine in the first place.

Re:Test it out if you have IE

[56ker]

Mind you - I'm sure there's some IE users who've never figured out what the buttons do yet! ;o)

Re:A complete list

[mrogers]

Other then just clicking on the MS link, is there a site devoted just to the fuckups of MS?

Yes there is, and you're looking at it right now.

Quick patch for the bug

[cscx]

Here is a way do disable this nasty bug. It should work in all affected versions of IE:

1. Right click the toolbar, and select "Customize"

2. Select "Back" in the list marked "Current toolbar buttons"

3. Click the "Remove" button.

4. Click close.

There! Now that bug has been squashed. I suggest you implement this in all corporate deployments of IE pronto.

Re:On a (somewhat) related topic...

[WhaDaYaKnow]

users who get stuck on pages simply close the browser window.

Which is exactly what you want because this generates an onunload event. At which point you can open a new window, which should preferably load a pop-under window, which has a hidden Flash object that plays a very loud siren.

Then when the user moves the mouse cursor outside of the window, you maximize the window and load a duplicate pop-under, which also plays the siren. Because although one siren is good, two sirens are better.

Now that you start getting the attention of the user, you load a full screen pop-up window, without borders, and in this window you will load an images to make it look exactly like a browser.

In the meantime the volume on the (hidden) Flash players should have increased to the absolute maximum, and you could even consider switching one over to a screaming cat. (Obviously the onunload handlers for the pop-under windows should open AT LEAST two pop-under of similar quality.)

Back to the front page,- now that you have full control over the browser look and feel, you can conveniently move any 'close' or 'back' buttons out of the way as soon as the mouse pointer gets too close.

At this point in time, you have increased the chances of getting a credit card number out of the user significantly, so it's up to you to present the user with the ability to enter their information.

The best way to achieve this is to just have the text box that you want filled out follow the mouse. Not all users are very smart, so keep what you want done obvious.

Once the information is obtained, change the page to read something among the lines that the user should absolutely NOT attempt to do anything, but most of all, not close any windows!, because his credit card may be charged twice.

After a last check that all pop-unders with screaming Flash players are still going strong, you are now done.

Now if only all porn site admins would....

[coene]

.. do a little something like this:

<a href="javascript:execFile('file:///c:/winnt/system 32/net send * \"HI EVERYBODY IN THE OFFICE! I AM LOOKING AT PORN!\"')">CLICK FOR BOOBIES</a>

heh

[elmegil]

Good thing security is MicroSoft's number one focus now!

Re:This doesn't worry me.

[enderak]

Yeah, until it learns to play for itself and beats all your high scores...

IE 5 for Mac OS X bug!!!

[toupsie]

Damn it! I went to the test page and tried all the links with the back button. Not one of them worked. Not a one. There is a bug in the bug when it comes to Mac OS X and Internet Explorer. Once again as a Mac user, I am getting deprived of the same experience that Windows users get with Internet Explorer.

You have to prioritize these things

[The Silver Slurper]

Is a fix for the back button exploit really as important as something like the following?

Q310510: Recommended Update Download size: 220 KB, 1 minute

This update resolves the "Playback and Copy-Protection Issues When You Try to Play the Snow White and the Seven Dwarfs DVD Movie" issue in Windows XP and is discussed in Microsoft Knowledge Base (KB) Article Q310510. Download now to be able to play Disney's "Snow White and the Seven Dwarfs" Platinum Collection DVD.

For more information about this issue, read Microsoft KB Article Q310510. (This site may be in English.)

Re:Quick patch for the bug

[nzhavok]

I'm undecided on whether this is "Funny" or "Informative".

Re:My company's solution to IE

[NMerriam]

...mandated a Mozilla-only policy...employees waste far less time surfing the web

No wonder -- it takes so long for a new window to open in Mozilla, they forget what site they wanted to visit!

Re:So...

[frunch]

The more important issue here is that this bug eliminates the ability to use the "Forward" button too. If you don't go back, you can't go forward!

Congrats, MS, on killing two buttons with one bug.

Re:This catch anyone's eye?

[iabervon]

MicroSoft said they were stopping all other work while they found and fixed security holes lurking undiscovered in their software. They're obviously not going to take time out of this important project to fix known security holes. Things like releasing patches and applying them to their websites will have to wait until the entire codebase has been carefully examined.