Did you feel secure with your brand new Internet Explorer 7? Well, Aviv Raff published on his blog
an interesting vulnerability affecting it: a cross-site scripting in the navcancl.htm local resource.
This resource is called when the navigation to a page has been canceled, it displays an error message with a link to reload the current page, however the link is not filtered before being used (successful exploitation requires the user to click on the link). The researcher also explains how the browser does not show in the URL the local resource when it is called, this design flaw can thus be combined with the XSS vulnerability to conduct very dangerous phishing attacks.