A new vulnerability has been discovered within Microsoft's legacy web browser, Internet Explorer, that can allow attackers and unwanted parties to record a user's browsing habits. According to a
recent blog post by Michael Caballero, a web security expert, the bug occurs when a page is loaded with the malicious HTML object tag in combination with the compatibility mode meta tag. The malicious HTML object tags can be injected through hacked websites or ads that allow the addition of custom HTML or JavaScript code. As a result, when a piece of code is run, the malicious tag will inadvertently capture information initially only available in the main browser window. This will now allow attackers and other interested parties to hijack the host user's data, which can be used for other malicious activities or the harvesting of user data for advertising purposes. Caballero has made it possible for anyone to
test out the bug, which obviously will only work when ran through Internet Explorer.