A warning for a recently discovered flaw in Internet Explorer 6 and 7 is being issued
. The flaw is related to iframes, which most of us encounter in the form of ads of various sorts, and how IE6/IE7 handles access restriction on them. The attack requires at least some user intervention, but appears to be exploitable just by visiting a maliciously crafted web page or opening an e-mail.
The flaw is new enough that Microsoft says they aren't aware of anyone being compromised by the attack, even though proof of concept code has apparently been around for over a month. Interestingly, even Microsoft's newest browser, IE 8 beta 1, which was made available earlier this year
, is also vulnerable.
Microsoft is now in an interesting position. Once IE8 becomes final and people begin adopting it, they'll be left with a very substantial userbase that is composed of IE6, IE7 and IE8 users. It seems they will be stuck with supporting the older browsers, and maintaining three branches of IE at once can't be an easy chore, even for Microsoft.