Sharing Security Developments, and Best Practices for corporate and home users
This new vulnerability is rated as low risk and could be used in phishing or other deceptive schemes by malicious people. Internet Explorer 7 "onunload" Event Spoofing Vulnerability http://secunia.com/advisories/23014/ http://msmvps.com/blogs/spywaresucks/archive/2007/02/23/611544.aspx
quote:
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice.