|
Message-ID: <55923B35.4050903@gmail.com> Date: Tue, 30 Jun 2015 11:46:13 +0500 From: "Alexander E. Patrakov" <patrakov@...il.com> To: oss-security@...ts.openwall.com Subject: Re: Google Chrome Address Spoofing (Request For Comment) 30.06.2015 11:08, David Leo wrote: > Impact: > The "click to verify" thing is completely broken... > Anyone can be "BBB Accredited Business" etc. > You can make whitehouse.gov display "We love Islamic State" :-) > > Note: > No user interaction on the fake page. > > Code: > ***** index.html > <script> > function next() > { > w.location.replace('http://www.oracle.com/index.html?'+n);n++; > setTimeout("next();",15); > setTimeout("next();",25); > } Looks like a fork bomb to me. And I had to forcefully close Firefox after this. -- Alexander E. Patrakov
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.