IE back button 'bad for your data'

Security experts have warned that using the 'back' button in Internet Explorer (IE) can be dangerous for your data.

According to research from Andreas Sandblad, of the University of Umea in Sweden, IE allows URLs containing Java script into the browser's history list.

Code injected into a hyperlink or URL can be set to trigger when the back button is clicked and will operate in the same zone as the last URL viewed.

When a page fails to load the typical response is to hit the back button and, because the 'this page cannot be displayed' error operates from the local computer, malicious code can be executed on the local computer and local files can be read.

All versions of IE are thought to be affected, although some examples of code will only work on certain versions of Windows. Microsoft was contacted about the issue in November and again in March, but has not responded.

Currently the only workaround is to disable active scripting in the browser or stop using the back button.