Phishing by navigating browser tabs

Browsers permit related tabs to navigate each other at will. This leads to a class of interesting phishing attacks, including one dubbed "tabnabbing"; a fairly good demonstration of this vector can be found here.

Over the past few months, we have received a significant number of reports about a "reverse tabnabbing" attack, where a foreground tab opened from a trusted application, and displaying an attacker-controlled website, uses window.opener.location.assign() to replace the background tab with a malicious document. Of course, this action also changes the address bar of the background tab - but the attacker hopes that the victim will be less attentive and will blindly enter their password or other sensitive information when returning to the background task.

Unfortunately, we believe that this class of attacks is inherent to the current design of web browsers and can't be meaningfully mitigated by any single website; in particular, clobbering the window.opener property limits one of the vectors, but still makes it easy to exploit the remaining ones. 

For this reason, individual reports of tabnabbing vectors will generally not qualify for credit or rewards.