
Yes, you read that right. The Internet Explorer 7 "Matrix" has you. A new vulnerability in Internet Explorer 7 will trap users in a malformed web page. Security company Secunia has issued a public warning advising users about an error in the handling of "onunload" events in Internet Explorer 7. A successful exploit of this vulnerability will abort the loading of a new website and redirect the user to a malicious web page. So far the vulnerability has been confirmed only in Internet Explorer 7, but other browsers may also be open to attack, and Firefox is a strong candidate.
Exploits targeting the "onunload" vulnerability in IE7 will most likely be part of a spoofing/phishing attack. Users should be aware that the browser is vulnerable even if they type the address manually into IE7's address bar. The user will be trapped in the malformed web page, and the only way to get out is to close all IE7 windows.
Security researcher Michal Zalewski explained the vulnerability:
"There is a cool combination-type vulnerability in MSIE7 that allows the attacker to:
a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers),
b) Spoof transitions between pages so that the user thinks he actually managed to leave the affected site, and so that the URL bar displays other addresses we didn't actually go to."
The vulnerability is a combination of the JavaScript onUnload handler design and the way IE7 manages page transitions. The visitor is not only trapped by the malicious web page but also led to believe that the navigation took him to a legitimate address.