Secunia Research discovered Dec 2004 a vulnerability which affects most browsers. The vulnerability can be exploited by a malicious web site to hijack a named browser window, regardless of which web site is the true "owner" of the window. Let us hijack the window "Internet_Bankieren" from (This no longer works on recent browsers)

Below you find three links to the page

The first - no tricks here.

Click and see - yes, this is the postbank. Click on "Log in" (upper right). See - yes, the correct Login window. Close these windows again.

The hijack

Click the first link if you have a pop-up blocker enabled, or the second link if you do not have a pop-up blocker enabled.

With Pop-up Blocker
Without Pop-up Blocker

You get the same page again, but this time we plan to hijack it. Click the Login link on that page. If your browser is vulnerable, then the login page will be replaced by a fake one. If you want to try again, please refresh this page.


Read the page source and understand what happens.