[LennonCook]

United States Computer Emergency Readiness Team Vulnerability Note VU#713878: Microsoft Internet Explorer does not properly validate source of redirected frame.
A slightly dated article that I've mentioned atleast once in IE debates, and have been looking for for a little while. Published in July, updated just this week (December 13). This is the part which deals with IEs security in general, rather than just this specific vulnerability (my emphasis):

Quote:

Use a different web browser There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages).

I know that there are almost certainly some people who have read rants posted by me and several other people, who have doubted their objectiveness and relevance. Now that I have a relevant article from an official source that more people realise I'm not only a random ms-hating doomsayer. [img]smile.gif[/img]