A LESS CRITICAL
weakness has been discovered in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks.The problem is that it's possible to display a popup with a somewhat spoofed address bar where a number of special characters have been appended to the URL. This makes it possible to only display a part of the address bar, which may trick users into performing certain unintended actions.Secunia has constructed a demonstration, which is available at:http://secunia.com/internet_explorer_7_popup_address_bar_spoofing_test/
The weakness is confirmed in Internet Explorer 7 on a fully patched Windows XP SP2 system.Solution
:Do not follow links from untrusted sources.Provided and/or discovered by
:Discovered by an anonymous person.