First Flaw Found In IE 7 Hours After Browser's Launch

A security intelligence company is warning users of the new browser's first official bug. Secunia says that IE 7 contains a 'less critical' flaw that can be used by identity

October 19, 2006

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Just hours after Microsoft released the final version of Internet Explorer 7, a security intelligence company warned users of the new browser's first official bug.

Copenhagen-based Secunia said that IE 7 contains a "less critical" flaw that can be used by identity thieves and other criminals to snatch confidential information from a PC.

The bug is a cross-domain information-disclosure vulnerability, said Secunia, which went on to report that attackers using the flaw in a malicious Web site could hijack data entered on a separate site at which the user's logged on. In one scenario, the attacker would lure users to his nasty site, then hope one or more would also be logging in at, say, an online bank account at the same time. If they were, the attacker would be able to capture the account's username and password.

Although Microsoft has repeatedly trumpeted IE 7 as more secure than its predecessors, Secunia first warned of the bug in IE 6 in April.

Secunia's alert for the IE 7 vulnerability also includes a quick test that demonstrates the new browser's susceptibility to attack. Firefox 2.0 RC3, meanwhile, is not at risk to this bug or an attack based on exploiting it.Microsoft released IE 7 Wednesday evening after nearly two years of public development, and more than five years after the last major upgrade to the company's long-suffering browser.

Read more about:

2006
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights