This exploit seems to work in Chimera and Mozilla. It think it also affect/block Chimera because I had to quit to enter this bug a second time, I had tested it while writing in another window. Click on the "Follow this link..." on that page, wait until you see a message in new page contents "Look at location bar". The location will be: Chimera 20020625 : "wyciwyg://0/http://guninski.com/b14.html" Mozilla 1.1a : "http://guninski.com/b14.html" MSIE 5.2 intercepts it and shows 2 alerts.
Confirmed using both Chimera/20020625 and FizzillaCFM/2002062203. The exploit seems to work in both, except Chimera prefixes the URL with "wyciwyg://0/" as described. Should this get sent over to Browser/Security?
I tried the page above. On Mozilla 1.0, I see http://guninski.com/b14.html, which is what I expect to see. The bug was about URL spoofing - where the URL bar says www.yahoo.com, but the page displayed is not yahoo.com. That's not what happens here, so I believe the bug has already been fixed. On yesterday's trunk (debug) build, the example page crashes on load, before the exploit script ever runs. It's crashing at nsHTMLContentSink.cpp:1921, in debug code. While this needs to be looked at, I don't think it's a serious security problem. I don't have a copy of Chimera to test, but the fact that we're seeing wyciwyg: URLs in the URL bar is probably bad - there was a bug on that in Mozilla.
okay, sounds like this isn't an issue and we're doing what we expect