IE7 bug could let phishers fool people more easily

By Justin Mann
A new bug in IE7 could spell trouble for those relying on its built-in anti-phishing tools. Due to a bug in how it handles canceling a webpage during loading, it appears that IE can be tricked into showing false URLs and rendering any page a malicious person may wish:

"I can inject a script that will display anything I want in the page when the user clicks the 'refresh' link," he said via instant message. "Combining this with the design flaw, an attacker can render in the browser whatever he wants with whatever URL he wants in the address bar."
While no attacks have yet been reported using this flaw, it affects both Vista and Windows XP. Given that IE7 is now a critical update pushed via automatic updates, hopefully MS will be on the ball and repair the flaw soon. It's unlikely they will let it sit for long, with Firefox continuing to creep on their territory and already having skipped a patch cycle.
