A flaw in Internet Explorer 7 has been found which could mask phishing scams, exposing surfers to the kind of risk that the browser was meant to have dealt with.
Security monitoring company Secunia discovered that IE7 allows a website to display a pop-up window which can contain a spoofed web address, which may trick users into accessing malicious pages.
A Secunia spokesman explained the problem:
“This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.”
IE 7 is the first major update to Microsoft’s web browser in five years and its security features were much heralded on its release.
A previous flaw was disclosed a day after the IE7 release, though Microsoft has said that this was due to a problem with Microsoft Outlook.
Nevertheless, two security alerts shortly after the browser’s release will not inspire confidence in its users, which in turn may benefit its rival Firefox browser.
Mozilla’s Firefox 2.0 was released this week with improved security measures, including protection against phishing. If these features prove more secure then IE7, Firefox may be able to increase its share of the browser market.