IE7 has only been on release for a week, but Secunia are reporting another vulnerability along with a working proof-of-concept. This one is about spoofing the address bar in a pop-up window, and has the potential to be used in phishing attacks.
With IE7 having been available in Beta form for a long time, there will inevitably be a trickle of new vulnerabilities over the coming weeks, while the people who research these things for “fun and profit” take advantage of the fact that IE7 is being pushed out via Windows Update.
As always, while most corporate IT users will have the rollout of IE7 managed for them, it’s the unsuspecting home user who will be the target of these weaknesses.
Update @13:47: The IE Team at Microsoft have now been alerted to this, and posted some guidance, which you can read here. It mentions that the built-in Phishing Filter should warn against this technique, but because the Phishing Filter works against a list of known phishing sites rather than behaviour, I think this will still catch some people out. My advice would be to change browsers or trust no-one.