December 19, 2003

Open-source IE patch hits trust barrier

An open-source software development Web site has posted a patch that purports to fix a critical vulnerability in Microsoft's Internet
Explorer browser, but software developers and analysts are advising against installing it.

The vulnerability in question allows IE to display one URL in the address bar while the page being viewed is actually hosted elsewhere. This makes
users more susceptible to ruses such as phishing, in which online-banking users receive emails that seem to have been sent by their bank, asking them
to click on a link in order to visit the bank's Web site and "confirm" their security access details. Crude phishing attempts are obvious because the
address bar in Internet Explorer would show a URL different to that of the bank, but elaborate phishing schemes could exploit the IE vulnerability and
therefore make the ploy more plausible.



