Posted by Zaakiy Siddiqui on Feb 04

Hi David,

Nice one…great find! And thanks Joey for confirming the bypass of HTTP-to-HTTPS restrictions.

I can confirm that this also affects Spartan Browser (Experimental enabled in about:flags in Internet Explorer 11).

I can also confirm that IE 10 is affected.

IE 9 appears to not be vulnerable. Screenshots below.

Regards,
Zaakiy Siddiqui

IE 11 Spartan – vulnerable (Windows 10)

[cid:Image1466.png@14b56f08dd75bb]…