Security researchers at Secunia have discovered and reported another vulnerability with the newest version of Internet Explorer – IE7, as reported in heise Security’s blog.

First there was the IE7 security hole that allowed attackers to spy on the contents of other open windows on the computer.

Now, Secunia is reporting that attackers can fake the address shown in a popup window’s address bar. This means that new feature of IE7, which has been touted for its huge security improvements, to display an address bar on popup windows can now be a misleading, phishing tool rather than just having a popup that doesn’t show an address.

I expect Microsoft to have a fix for this one soon — hopefully by the time they push IE7 out to all Windows XP users as a Critical Update (scheduled for November 14th).

Read more in my IE7 Vulnerability to Phishing Attack article at XP Repair Site.