hackademix.net

Pure Java Full Screen Demo

This demo (quite obviously) requires Java to be enabled.

Well, this is pure evil.

The wettest dream of any phisher or web advertiser.

A full-screen window which can't be stopped by popup blockers and cannot be closed by the user (without killing the browser).

It should work in any Java-enabled browser.

It's been tested on IE, Firefox, Opera and Safari.

To prevent malicious sites from doing this, you need to disable Java globally or (smarter) use NoScript to selectively enable it on trusted sites only.

Responsible Disclosure Disclaimer:

This vulnerability was responsibly reported to the Vendor (Sun Microsystems) on 29-JUL-2007.
Made public by Vendor as RFE 6589527 on 06-AUG-2007.
Disclosed on the hackademix.net blog on 07-AUG-2007.
Reclassified and hidden by Vendor on 07-AUG-2007, after the hackademix.net blog post had already gone public and couldn't be retracted.