|
Internet Exploder 7 delivers old bug, claim
More secure browser it is not
MICROSOFT'S Internet Exploder 7 has shipped with the same security bug that blighted its predecessor for years, a security outfit claims.
Danish security boffins at Secunia said that for nearly two years IE 6 has suffered from a security issue that let an attacker to nick logins and passwords.
The problem means that if a user visits a Web site specially crafted by an attacker, and then opens a "trusted" site such as a bank or e-commerce site that has a pop-up window, the attacker can put new content into the pop-up.
When the problem was first discerned, Vole issued a "work around" to disable a setting that allowed navigation of sub-frames across different domains.
When IE7 shipped, that "work around" was "cemented" into the new browser, says a spokesSecunia. The only problem is that it does not work. Secunia reckons the problem is "moderately critical" and has asked The Vole to have another crack at fixing it. So far no hacking outfit has tried to exploit it, it is probably so old that hackers must think that Vole must have fixed it.
The INQuirer
|
Threaded Mode
