Despite Microsoft's security efforts and its inclusion of a phishing filter in Internet Explorer 7.0, an address bar spoofing vulnerability has been uncovered in the browser just a week from its release. The vulnerability, which is rated as "less critical" by Secunia, can allow a site to display a fake URL in IE 7.0's address bar without setting off the browser's anti-phishing protection. To its credit, Microsoft says the phishing filter will raise an alert anyway if a user browses to a site that's known to be part of a phishing scam, whether it uses the new exploit or not.
Nevertheless, the weakness is the second such vulnerability found in the new browser so far. The first vulnerability can allow one site to retrieve content from another via IE 7.0, potentially allowing a malicious site to fetch information from, say, an online banking site the user is using. However, this particular vulnerability lies with an Outlook Express component and not IE 7.0 itself, according to a Microsoft developer's blog.
|Aerocool's Project 7 P7-C1 Pro case reviewed||7|
|Google Project Tango is dead—long live ARCore||9|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||8|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||23|
|Antec P110 Silent touts quiet looks and quiet operation||11|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||19|
|Monkey Day Shortbread||14|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||6|