Microsoft has disclosed details of the user interface it is planning for the Internet Explorer 7 browser, including the handling of such long-delayed features as tabs.
Separately, a security researcher said he discovered a denial-of-service security flaw in IE 7 Beta 2, just 15 minutes after he installed the browser. Other vendors reported more routine bugs in the test version, which was released earlier this week.
IE user interface program manager Max Stevens, writing on the official IE blog, detailed significant changes to IE's toolbars, integrated search box, favorites center and tabs. Many of the changes have been made since Beta 1, the last time the general public had access to IE 7.
Microsoft has changed the grouping of the forward and back buttons, adding a "stop" button, which was removed earlier in the development process. Generally, the main toolbar has been condensed to allow more space for content and tabs, according to Stevens.
One side-effect of this orientation is the removal of the File/Edit/View menu by default. Instead, Microsoft hopes users will use the new Command Bar, which appears to the right of the tabs and uses small graphical buttons to provide access to commonly used features. One of the new Command Bar buttons is a button that lights up when a feed is discovered for the current page.
The classic menus can be restored via the Tools menu, or by pressing the Alt button.
Another new feature since Beta 1 is the Favorites Center, which provides access to favorites, feeds and browsing history in a single interface. The feature allows an entire folder to be opened as tabs, similar to a feature found in Mozilla Firefox and other browsers.
Quick Tabs opens a thumbnail of all open tabs, allowing for quick switching between them, similar to a feature found in Apple's Mac OS X. Other tabs changes are the inclusion of a close button on each tab and a change in color scheme to make it easier to tell which tab is active. Beta 2 also introduces a Zoom feature similar to that found in Word and Excel, according to Stevens.
Testers wasted no time in finding bugs in the test version, the most serious of which was a security flaw discovered by researcher Tom Ferris. A problem with the way the urlmon.dll driver parses the "file://" protocol means the browser can be crashed by malicious HTML, Ferris said.
"I figured I would give it a quick look at and I just happened to find something within the first 15 minutes into testing," Ferris said in a statement. He posted details, proof of concept code and a screenshot of the crash on the Security-Protocols.com Web site.
Microsoft's Tony Chor confirmed Microsoft had found the bug during its own code review, and is planning to fix it before the next public release. "We do not believe this bug is easily exploitable," he said, writing on the IE blog. Microsoft has said it is putting the focus squarely on security with IE 7.
Testers reported numerous other problems, including incompatibility with some mainstream security software, such as McAfee Internet Security Suite.