There are new reports of a cross-site scripting vulnerability in Internet Explorer 7 that allows hackers to trick users into visiting malicious copies of sites they normally visit, like online banking sites and shops, while still displaying the address of the legitimate site . Once on these sites, the users could be encouraged to enter their personal and login information.

Proof of concept code has been published and reports are surfacing that the exploit is now actively being used in the wild.

While Microsoft has attempted to improve security in Internet Explorer 7, the browser still has lots of problems. I encourage everyone to use Firefox or Opera and always keep them up to date as there are occasionally security flaws discovered in them too. Just not as often as with IE.

[New IE 7 bug could help phishers]

Tags: microsoft, internet explorer, internet explorer 7, ie 7, firefox, opera