Internet Security experts Secunia announced that they had discovered a flaw in Microsoft’s brand new IE7 browser. This just hours after its release. This flaw would allow one web site to gather data from another website through the browser, and that opens the browser to many scripting (XSS) attacks.
Secunia does not consider this a critical problem, but the report was suprising to many because of its release so quickly after the launch of IE7.
However, Christopher Budd, a Microsoft security program manager, wrote in a blog post Thursday, “These reports are technically inaccurate. The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all.” Budd’s blog posting can be found here.
Apparently, the problem lies in a component of Microsoft’s Outlook Express e-mail client, which can be triggered by the browser and so, it is not an IE7 browser flaw. When this issue was first discovered in April, there was a communication problem between Microsoft and Secunia.
Translation: As of now, there is no actual flaw with Microsoft IE7 browser. It was basically a misunderstanding, so move along, there is nothing to see here :).
