Another serious security hole has been unearthed in Microsoft’s Internet Explorer browser, one that could lead to users being tricked into thinking phishing sites are genuine.
The error in the browser can be exploited to fake the address bar in the user’s browser window, warned security monitoring company Secunia.
This flaw could allow phishing scams to trick people into believing they are on a legitimate site, when they are in fact viewing a fraudulent web page.
When a user clicks on a web link in a phishing e-mail, they are usually directed to a site that looks like the original, but which has a different address in the address bar. The IE flaw helps to cover up this difference.
An error in the way the IE browser loads web pages and Macromedia Flash animations is the cause of the problem, said Secunia.
Microsoft said it was studying the flaw, the fourth reported flaw in IE in just over two weeks.
Both Secunia and Microsoft said they were so far not aware of any phishing attacks that used the latest flaw.
Microsoft has confirmed it will be patching at least one of the three previous serious flaws next Tuesday, as part of its monthly patching cycle.