New URL Spoofing Bug in Pre-SP2 IE

An anonymous reader writes "According to Netcraft a new security flaw has been found in Microsoft Internet Explorer which makes it possible to spoof a URL with just some simple HTML code, by enclosing two URLs and a table within a single href tag. The user will be sent to one site, but the status bar will show a fake URL. The bug apparently affects IE and Outlook Express up to but not including SP2. Firefox and Konqueror seem unaffected."

Re:Come on people!

Actually, more bugs are being found in Firefox than in IE right now. BUT, the firefox source is available, so people can look through it for bugs, AND Mozilla is giving away money for people who find security bugs, AND startup securty companies are trying to make a name for themselves by finding securtiy holes in Firefox.

I still say definately switch away from IE, but realize that other browsers have security holes too.

Re:Come on people!

[Mattcelt]

IIRC, IE is the only browser that the US-CERT has issued a statement not to use due to security concerns.

What really worries me is how many U.S. Government agencies and defence contractors still use IE as their standard browser.

Apache, too!

[DogDude]

And while we're at it, I've heard that a new bug was found in Apache 1.0!

Re:Bill Gates uses Firefox

[lightdarkness]

Not sure, but Microsoft's security manager uses it! http://it.slashdot.org/article.pl?sid=04/08/30/183 5212&tid=201&tid=172&tid=218