Security researchers on Monday warned of a problem in Internet Explorer 7 that could allow malicious attackers to alter content in a legitimate Web site’s pop-up window.
The browser issue could affect users who visit a trusted site by opening a pop-up window in that site that contains malicious code. This is the second IE 7 problem that has been discovered since Microsoft released the browser two weeks ago. Last week, a security flaw was discovered in IE 7 that could spoof the address of a pop-up window.
The two IE 7 security holes, if used in conjunction with each other, can easily dupe all but the most security-minded users, said Thomas Kristensen, chief technology officer of security company Secunia, which discovered the problems.
Secunia has classed the latest problem a security vulnerability, while Microsoft states the situation arises from “by-design behavior” in the browsers.
Source : ZDNet