First Flaw Found In IE 7 Hours After Browser's Launch
Copenhagen-based Secunia said that IE 7 contains a "less critical" flaw that can be used by identity thieves and other criminals to snatch confidential information from a PC.
The bug is a cross-domain information-disclosure vulnerability, said Secunia, which went on to report that attackers using the flaw in a malicious Web site could hijack data entered on a separate site at which the user's logged on. In one scenario, the attacker would lure users to his nasty site, then hope one or more would also be logging in at, say, an online bank account at the same time. If they were, the attacker would be able to capture the account's username and password.
Although Microsoft has repeatedly trumpeted IE 7 as more secure than its predecessors, Secunia first warned of the bug in IE 6 in April.
Secunia's alert for the IE 7 vulnerability also includes a quick test that demonstrates the new browser's susceptibility to attack. Firefox 2.0 RC3, meanwhile, is not at risk to this bug or an attack based on exploiting it.
Microsoft released IE 7 Wednesday evening after nearly two years of public development, and more than five years after the last major upgrade to the company's long-suffering browser.