New "cool" flaw in IE: entrapment!

Hi malware fighters,

A new flaw in IE7 found by Michal Zalewski can entrap you inside a malicious website, and you cannot get out in a normal way; even if the address toolbar shows another address, this is not so in reality. Want to see a demo? http://lcamtuf.coredump.cx/ietrap/

Firefox users are safe from this one, but are vulnerable to a similar variant of this trick. But investigation shows that the Mozilla variant is much more serious than the IE7 flaw: http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html

Oh, boy, am I glad I have NoScript installed for all those sites that can impose malicious script vectors onto me through FF or Flock. But it goes to show that the browser stays one of the main malware vectors to infect you or put you at risk.
Also scan those sites you may not trust with the DrWeb AV link checker, a very small extension install for both FF/Flock and IE.

polonus


And no mention of an Opera9 variant?


Great find polonus, thanks.