I should note that I couldn't successfully unpack your POC -- my RAR utility thinks your archive is broken. Please just upload the .html file as a non-compressed attachment.
Bug 1662388 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
I should note that I couldn't successfully unpack your POC -- my RAR utility thinks your archive is broken. Please just upload the .html file as a non-compressed attachment. Simple text or image attachments save us from having to be paranoid and run everything through virus checkers. This attachment appears clean, at least: https://www.virustotal.com/gui/file/fe93385bce9e1454b5c3fdaaaea8939c3756cbbae76087a4432f3c4fbfff4ab4/detection