Ouch, take a look at this new IE exploit. I wonder how long it’s been in use in the wild? Hook it up to some JS status mouseover, and you have yourself a pretty convincing fraud potential (just in time for xmas shopping!). via Simon
Not a problem if you’re using a better browser, of course.
[To elaborate, yes the user@domain attack affects all browsers; that’s just URI syntax for you, and yeah, there are people suckered all the time by this. But w/ this 0x01 flaw, I suspect it’ll catch a whole lot of people off-guard who would otherwise ‘know better’; if you click on a link from an untrusted site, this attack can pretty much be made completely transparent (on the surface).]