Description Michal Zalewski has discovered a [less critical] vulnerability in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks.
The vulnerability is caused due to the address bar of a newly opened window displaying the URL of the requested location before the page is loaded. This can be exploited to display arbitrary content in the blank document while showing the URL of a trusted web site in the address bar, e.g. by calling "window.stop()" to abort loading the new page.
The vulnerability is confirmed in version 3.6.4. Other versions may also be affected.
Solution UNPATCHED --- Do not rely on the address bar when untrusted web sites open new windows.
Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]