A flaw in Internet Explorer 7 has been found which could mask phishing scams, exposing surfers to the kind of risk that the browser was meant to have dealt with.

Security monitoring company Secunia discovered that IE7 allows a website to display a pop-up window which can contain a spoofed web address, which may trick users into accessing malicious pages.

A Secunia spokesman explained the problem:

“This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.”

IE 7 is the first major update to Microsoft's web browser in five years and its security features were much heralded on its release.

A previous flaw was disclosed a day after the IE7 release, though Microsoft has said that this was due to a problem with Microsoft Outlook.

Nevertheless, two security alerts shortly after the browser’s release will not inspire confidence in its users, which in turn may benefit its rival Firefox browser.

Mozilla's Firefox 2.0 was released this week with improved security measures, including protection against phishing. If these features prove more secure then IE7, Firefox may be able to increase its share of the browser market.

Graham Charlton

Published 26 October, 2006 by Graham Charlton

Graham Charlton is the former Editor-in-Chief at Econsultancy. Follow him on Twitter or connect via Linkedin or Google+

2565 more posts from this author

You might be interested in

Comments (0)

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.