PT-2009-5343 · Microsoft · Internet Explorer

Lostmon · Published 2009-08-28 · Updated 2017-09-19 · CVE-2009-3003

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8
Description: The issue allows remote attackers to spoof the address bar via window.open with a relative URI, which shows an arbitrary URL on the web site visited by the victim. For example, a visit to an attacker-controlled web page can trigger a spoofed login form for the site containing that page.
Recommendations: For Microsoft Internet Explorer versions 6 through 8, consider avoiding the use of window.open with relative URIs until a fix is available. As a temporary workaround, restrict access to potentially malicious web pages to minimize the risk of address bar spoofing.


Related Identifiers

CVE-2009-3003

Affected Products

Internet Explorer