IE7 phishing bug nets concern | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
SSL in High-Security Browsers
The Browser Security Revolution
The Strategic Role of IT Culture in Business Performance
The Register Desktop Support Seminar
Webcast : Why Today's Spam Filters Fail
Watch on-line now
The Register Guides : The status of iSCSI
A Primer on Internet SCSI, a protocol to transport SCSI commands over IP
Virtualization Management
John Gilmartin on Virtualization Management

The Register » Security » Enterprise Security »

IE7 phishing bug nets concern

Fishy

By John Leyden → More by this author

Published Monday 19th March 2007 10:06 GMT

How IT Management Can "Green" the Data Center - Free Download

Security researchers have discovered a vulnerability in Internet Explorer 7.0 that might lend itself towards the creation of more convincing phishing attacks.

The cross-site scripting (XSS) bug creates a means to replace local page displaying a "Navigation to the webpage was canceled" message with a "Refresh the page" link. "This might be useful in a phishing attack, but it does sound rather complex and requires the user to jump through the hoops," the SANS Institute's Internet Storm Centre notes.

The flaw is perhaps more noteworthy for been among the first to affect IE 7 rather than the immediate threat it poses. Microsoft is investigating reports of the bug.

Meanwhile SANS has added the flaw to its list of unpatched Microsoft security vulnerabilities, as a secondary concern. The most pressing flaw remains a Word vulnerability that permits remote code execution, discovered in February. ®

Fixed to Fluid: Enabling Data Center Metamorphosis - Free download

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Unholy trinity of flaws put Google users at risk (24 September 2007)
YouTube 'riddled with 40-plus security vulnerabilities' (20 June 2007)
Yahoo! fixes bug that gave free rein to user accounts (15 June 2007)
Strange spoofing technique evades anti-phishing filters (25 May 2007)
Day dawns for Metasploit 3.0 (2 April 2007)
Vista security overview: too little too late (20 February 2007)
IE and Firefox blighted by fake login flaw (23 November 2006)
Firefox outshines IE in phish fight (15 November 2006)
Security rivals tried to 'castrate' Vista - Gates (10 November 2006)
Old bugs blight shiny new browsers (30 October 2006)
IE7 spoofing bug pops up (26 October 2006)
MS and researchers split hairs over first IE7 flaw (20 October 2006)
Information disclosure bug blights IE7 release (19 October 2006)
IE7 unleashed (19 October 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Webcast : Why Today's Spam Filters Fail

This webcast covers the cost of spam, how we filter spam today; why it's not good enough, and the advantages of Abaca's new ReceiverNet technology..

whitepaper title

The Register Guides : The status of iSCSI

Now that the hype's abated, have companies backing iSCSI have run out of energy and patience, or is the technology becoming commonplace and accepted?.

Whitepapers
There is No Execution without Integration Delivering Customer Value Enterprise Management and Support The Data Governance Maturity Model

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search