Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0650 to the following vulnerability:

WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

http://code.google.com/p/chromium/issues/detail?id=3275
http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html
http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs
https://bugs.webkit.org/show_bug.cgi?id=21501
http://securitytracker.com/id?1023506
I can't reproduce this in Arora - QtWebKit based (with Qt 4.6.1) - with the popup window blocker enabled. With it disabled, it works as expected - a new tab is opened.
I've tested a couple of browsers in Fedora using webkitgtk or qtwebkit. I was only able to get a popup using the test case from the Google bug with Arora with popup blocking disabled (as mentioned in comment #1). Other browsers either don't seem to handle popups or block them and don't offer a way to disable blocking.
The upstream changeset to correct this is here: http://trac.webkit.org/changeset/49827