A spoofing vulnerability in Internet Explorer (IE) 7 discovered by Secunia Research was disclosed this week. The vulnerability is due to an error in IE7's handling of "onunload" events. It can be exploited by a malicious website to spoof the address bar if, for example, the user types a new address manually into the address bar, which is considered best practice.
Spoofing attacks can be used for phishing activities, as well as installation vectors for malware and spyware.
The vulnerability is currently unpatched. Secunia recommends that IE users close browsers after visiting untrusted web sites.
For more information, refer to: http://secunia.com/secunia_research/2007-1/advisory/
Source : Secunia