7twenty

Parts of browsing history found in temp folder

16 posts in this topic

I'm pretty sure this shouldn't be happening, or at least not available for anyone to find.

Plain text MX_LOG_XX.log files in windows' temp folder.

Sample attached with URLs obfuscated.

MX_LOG_11.log

1 person likes this

Share this post


Link to post
Share on other sites

BugSir006 (she was on the forum today) often takes part in the discussion, but somehow it's hard for her to answer security questions.

This is not the first time that security questions remain unanswered angry.gif

Share this post


Link to post
Share on other sites

Hi 7twenty,

Thank you for your feedback. It has been reported to the dev team as a bug with high priority. 

1 person likes this

Share this post


Link to post
Share on other sites
4 hours ago, BugSir006 said:

Hi 7twenty,

Thank you for your feedback. It has been reported to the dev team as a bug with high priority. 

high priority - that should get their attention - a fix this month then maybe - hopefully not like most of the other stuff thats high priority - they have just been ignored in the past

1 person likes this

Share this post


Link to post
Share on other sites

Posted (edited)

The matter is quite serious.

In addition, and already commented here in the past, all those URLs are sent to the maxthon servers (without knowing exactly what they do with them),

If we have checked the box "Enable secure URL scan.This helps protect the browser and local machine against unsafe websites ", that basically we have to have it activated, because if not, we can not see the ssl certificates of the web that we visited, with what we are almost" forced "to have it activated.

I already asked in a comment that this be separated, but there is no way they want or understand this.

 

I repeat, @BugSir006, why to see the ssl certificates that any other browser offers me, I have to Yes or YES, activate this option in maxthon about the sending of URLs in the options?

 

Edited by pantantrollo
2 people like this

Share this post


Link to post
Share on other sites
13 minutes ago, pantantrollo said:

I repeat, @BugSir006

Good luck!! :titter:

1 person likes this

Share this post


Link to post
Share on other sites

i aint got no log nowhere on my computer; is this a MX security flaw or a failure i can't tell

Win 10 pro with portable MX

Share this post


Link to post
Share on other sites
21 hours ago, pantantrollo said:

If we have checked the box "Enable secure URL scan.This helps protect the browser and local machine against unsafe websites ", that basically we have to have it activated, because if not, we can not see the ssl certificates of the web that we visited, with what we are almost" forced "to have it activated.

Hi pantantrollo, I contacted the dev team, this issue has been submitted as a bug. 

Share this post


Link to post
Share on other sites

I confirm the bug. Thank 7twenty for discovering this. I did not that.

Thank you BuSir006 for passing this to the devs. This bug is very serious. Mx should be able to clear his temporary files and not leave them like that.

1 person likes this

Share this post


Link to post
Share on other sites

you would have thought a security bug urgent but 3 days and counting and no fix released - is the dev or devs on holiday - i use the plural loosely as the impression is that there are few people working on anything these days the time it takes to release updates

and even when released nothing much is fixed 

how the mighty have fallen is apt i think

1 person likes this

Share this post


Link to post
Share on other sites

Today I tried to use my maxthon account and after closing the program all the links are still in MX_LOG_21.log. This bug is serious:Flushed_Face_Emoji_42x42:

1 person likes this

Share this post


Link to post
Share on other sites

I am ashamed, but I am the root cause of this problem.

In November 2018 I found issue with MX's history on my work computer. History collection is stopped at 2018-10-10.

Аннотация 2019-04-22 145954.jpg

This problem was taken by developers into work and the first step was changed MxHistory.dll file. This private debug DLL was have an added functionality - extensive logging of history tasks.

Problem is still not fixed for now (6 months) but it looks like somehow this private debug version was leaked to production branch!

1 person likes this

Share this post


Link to post
Share on other sites

Posted (edited)

On 4/18/2019 at 2:23 PM, BugSir006 said:

Hi pantantrollo, I contacted the dev team, this issue has been submitted as a bug. 

You have also retouched the issue of web certificates ssl, now YES at least appears the SSL certificate information on the web, although if you could have left another color when the certificate is correct, and not leave it in red (confusing) :wink:

snap_screen_20190426010030.png

Edited by pantantrollo
1 person likes this

Share this post


Link to post
Share on other sites
1 hour ago, pantantrollo said:

It seems fix 5.2.7.2400

I suppose that's ok, but the issue was actually found in 5.3.8.600. probably should have mentioned that ... ooops.

1 person likes this

Share this post


Link to post
Share on other sites
1 hour ago, 7twenty said:

I suppose that's ok, but the issue was actually found in 5.3.8.600. probably should have mentioned that ... ooops.

It is supposed to be fixed also in the 5.3.x series, let's hope ...

Share this post


Link to post
Share on other sites