Question

Reverse tabnabbing allows phishing attacks by using the external links from AEM. For example, the links to the documentation from the "?" symbol.
Is it a serious threat and what to do to avoid that?

Answer

Reverse tabnabbing is out of the scope of AEM threat-model as it is a browser issue, which cannot be easily mitigated at the product level.
The following quote from Google security explains this issue:

Unfortunately, we believe that this class of attacks is inherent to the current design of web browsers and can't be meaningfully mitigated by any single website; in particular, clobbering the window. opener property limits one of the vectors but still makes it easy to exploit the remaining ones.

Additional information

이 작업에는 Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License의 라이센스가 부여되었습니다.  Twitter™ 및 Facebook 게시물은 Creative Commons 약관을 적용받지 않습니다.

법적 고지 사항   |   온라인 개인 정보 보호 정책