A newly discovered flaw in all the major Web browsers could allow Internet scammers to successfully launch phishing attacks, according to a warning from security research outfit Secunia Inc. The vulnerability, confirmed on fully patched versions of Microsoft Corp.'s dominant Internet Explorer browser, can be exploited by malicious hackers to trick surfers into disclosing confidential information, including credit card and social security numbers.
"The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open a prompt dialog box, which appears to be from a trusted site," Secunia said in a public advisory. "Successful exploitation normally requires that a user is tricked into opening a link from a malicious Web site to a trusted Web site," the company added.
News source: eWeek