Friday, February 23, 2007 9:08 AM cmosby

On the forums: IE 7 - New address bar spoofing vulnerability


This new vulnerability is rated as low risk and could be used in phishing or other deceptive schemes by malicious people.
Internet Explorer 7 "onunload" Event Spoofing Vulnerability

Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice.


Harry Waldron - Security News & Best Practices Blog

Source: IE 7 - New address bar spoofing vulnerability

Filed under: , , , ,


No Comments