Security analysts are working overtime on Internet Explorer 7, released by Microsoft this week for download. Secunia, a Danish security firm, has already found a bug that could give hackers access to sensitive information.
The flaw theoretically allows hackers to steal user information as they type it in, like passwords and login details. However, in order for it to be exploited, the target has to have a window open to the malicious site from the hacker, and type login details in to another window.
Secunia has rated the flaw “less critical”. An advisory on the website says “The vulnerability is caused due to an error in the handline of redirections for URLs with the 'mhtml:' URI handler. This can be exploited to access documents served from another website”.
Secunia apprently found the same flaw in IE6, but it remains unpatched, so it would seem the Microsoft doesn't regard the bug as a serious threaten.