Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

First Flaw Found In IE 7 Hours After Browser's Launch

Just hours after Microsoft released the final version of Internet Explorer 7, a security intelligence company warned users of the new browser's first official bug.

Copenhagen-based Secunia said that IE 7 contains a "less critical" flaw that can be used by identity thieves and other criminals to snatch confidential information from a PC.

The bug is a cross-domain information-disclosure vulnerability, said Secunia, which went on to report that attackers using the flaw in a malicious Web site could hijack data entered on a separate site at which the user's logged on. In one scenario, the attacker would lure users to his nasty site, then hope one or more would also be logging in at, say, an online bank account at the same time. If they were, the attacker would be able to capture the account's username and password.

Although Microsoft has repeatedly trumpeted IE 7 as more secure than its predecessors, Secunia first warned of the bug in IE 6 in April.

Secunia's alert for the IE 7 vulnerability also includes a quick test that demonstrates the new browser's susceptibility to attack. Firefox 2.0 RC3, meanwhile, is not at risk to this bug or an attack based on exploiting it.

  • 1