Thread: IE7 full release
View Single Post
Old 31-10-2006, 00:54   #85
ADd
Inactive
 
ADd's Avatar
 
Join Date: Apr 2006
Location: Land of the free
Posts: 308
ADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond reputeADd has a reputation beyond repute
Re: IE7 full release
Another one, not as critical this time, can't wait for the security Vista will afford us all.

http://secunia.com/advisories/22628/

Quote:
A vulnerability has been discovered in Internet Explorer 7, which can be exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

This is related to:
SA13251

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/multiple_browsers...rability_test/

The vulnerability has been confirmed on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2.

Solution:
Do not browse untrusted sites while browsing trusted sites.
ADd is offline   Reply With Quote