CVE-2007-1091

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 7

Description The issue allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks. Spoofing vulnerabilities exist that could allow an attacker to display spoofed content in a browser window, where the address bar and other parts of the trust UI have been navigated away from the attacker's Web site but the content of the window still contains the attacker's Web page.

Recommendations For Microsoft Internet Explorer version 7, consider disabling the use of onUnload Javascript handlers as a temporary workaround to minimize the risk of exploitation. Restrict access to potentially malicious Web sites to prevent spoofing attacks.