IE 7 - New address bar spoofing vulnerability

Posted Friday, February 23, 2007 2:16 PM by hwaldron
This new vulnerability is rated as low risk and could be used in phishing or other deceptive schemes by malicious people.

Internet Explorer 7 "onunload" Event Spoofing Vulnerability
http://secunia.com/advisories/23014/
http://msmvps.com/blogs/spywaresucks/archive/2007/02/23/611544.aspx

quote:

Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice.

Comments

No Comments