Ka-Ping Yee wrote:Yup. Here it is now, done up with a spoofing example:
http://zesty.ca/popup/
I've reported this as bug 284551.
Thanks :-)
There's no point in security restricting the bug if the exploit is public. Even if you get Yee to close his page, I think it's too late.
_______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security