Automattic: Tab nabbing via window.opener.location (target "_blank")

Summary: When you open a link using target="blank", the page that opens in a new tab get access to the initial tab and change its location using the window.opener.location function. Platforms Affected: website Steps To Reproduce for the first target blank: 1. First target "blank" 1. On...

Paragon Initiative Enterprises: Missing rel=noopener noreferrer in target=_blank links (Phishing attack)

Links that use target=blank need to have rel="noopener noreferrer" in order to mitigate phishing attack opened page can change the location of page that opened him via window.opener.location = 'http://phishingsite.com/' more information about this vulnerability:...