MSIE webpage spoofing bug

A vulnerability related to the MSIE entrapment bug allows a malicious page to display its own contents as if they arrived from a third-party site, by spoofing the URL bar, page information dialogs, and SSL certificates. This is achieved by manipulating location DOM objects to interrupt the loading of a new page.

The following slow-paced demo will open a new window that will eventually display a mock, locally-hosted version of CNN.com, while the URL bar will suggest it's the real thing. JavaScript is required. The demo is somewhat timing-sensitive, so it might fail on spotty (or exceptionally good) links.

Questions and comments: Michal Zalewski <lcamtuf@coredump.cx>.