Download our in-depth report: The Ultimate Guide to IT Security VendorsMicrosoft Internet Explorer isn't the only browser hit by a spoofing flaw that could be exploited by phishers. But it also won't be releasing a patch for it anytime soon.
To further back its claim, Secunia has posted a proof-of-concept test of how the exploit works.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i In a security advisory issued yesterday by Microsoft, the potential exploit was described as a potential issue relating to user confusion with the overlapping browser windows.
''Common to various browsers, including Internet Explorer, it is possible to have multiple, overlapping browser windows,'' Microsoft's advisory states. ''An attacker could arrange windows in such a way as to trick users into thinking that an unidentified dialog or pop-up window is trustworthy when it is in fact fraudulent.''
Microsoft does not plan on issuing a security update to address the dialog box threat.
''This is an example of how current standard Web browser functionality could be used in phishing attempts,'' the Microsoft advisory states.
As of press time no advisory on the issue had been posted on Mozilla's security site.
This article was first published on internetnews.com.