No content since 2004
Feel free to donate
Chris @ MyITforum
Subscribe in a reader
Subscribe to Chris Mosby at myITforum.com by Email
This new vulnerability is rated as low risk and could be used in phishing or other deceptive schemes by malicious people.Internet Explorer 7 "onunload" Event Spoofing Vulnerabilityhttp://secunia.com/advisories/23014/http://msmvps.com/blogs/spywaresucks/archive/2007/02/23/611544.aspx quote:Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice._____________________________Harry Waldron - Security News & Best Practices Blog
This new vulnerability is rated as low risk and could be used in phishing or other deceptive schemes by malicious people.Internet Explorer 7 "onunload" Event Spoofing Vulnerabilityhttp://secunia.com/advisories/23014/http://msmvps.com/blogs/spywaresucks/archive/2007/02/23/611544.aspx
quote:Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice.
Source: IE 7 - New address bar spoofing vulnerability
No Comments