Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the c