IE 7 pop-up security flaw

Secunia Research has found yet another flaw in Internet Explorer 7.

The problem is that a website can inject content into another site’s window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

This follows immediately after two recent bugs in IE7, viz. Internet Explorer 7 “mhtml:” Redirection Information Disclosure and Internet Explorer 7 Popup Address Bar Spoofing Weakness Advisory Available in Danish

The flaw has been marked as Moderately critical.

As of now there is no update on a solution to the flaw. So the only way to protect yourself for now is to not browse unknown websites.

Via: C|Net News


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.