PT-2009-5346 · Maxthon · Maxthon Browser

Lostmon · Published 2009-08-28 · Updated 2017-09-19 · CVE-2009-3006

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Maxthon Browser version 2.5.3.80 UNICODE
Description: The issue allows remote attackers to spoof the address bar. By calling window.open with a relative URI, an attacker can make the address bar show an arbitrary URL on the web site visited by the victim. For example, a visit to an attacker-controlled web page can trigger a spoofed login form for the site containing that page.
Recommendations: For Maxthon Browser version 2.5.3.80 UNICODE, consider avoiding the use of window.open with relative URIs until a fix is available. As a temporary workaround, restrict access to potentially malicious web pages to minimize the risk of address bar spoofing.

Fix


Related Identifiers

CVE-2009-3006

Affected Products

Maxthon Browser