| Sep 2017 | Revealing the content of the address bar (IE) |
| Mar 2017 | Referrer spoofing with iframe injection (Edge) |
| Mar 2017 | Bypassing the patch to keep spoofing the Smartscreen/Malware warning (Edge) |
| Dec 2016 | Spoofing the address bar and the SmartScreen/Malware Warning (Edge) |
| Sep 2016 | Referer spoofing and defeating the XSS filter (Edge/IE) |
| Nov 2014 | Capturing Address Bar Input via createPopup and onbeforeunload |
| May 2014 | Spoofing the User's Saved Webpage via pushState + Server Redirect |
| Feb 2014 | Spoofing the Info Bar Pop-up Origin via base href |
| Feb 2014 | Spoofing the Blocked Pop-up Origin via WebBrowser Navigate |
| Nov 2013 | Referrer Spoof via Server Redirect and Cached Location Object |
| Sep 2013 | createPopup Overlay Spoof Across Tabs |
| Sep 2013 | Address Bar Spoof via Non-Responding URL |
| Apr 2013 | Windows 8 App Address Bar Spoof via eval Override (QQ) |
| Apr 2013 | Address Bar Spoof via Mixed Document Modes and history.pushState |
| Mar 2013 | Address Bar Spoof via prompt and document.write |
| Feb 2013 | Address Bar Spoof via New Window Reload |
| Jan 2013 | IE10 Address Bar Spoof via onreadystatechange and document.write |
| Dec 2012 | MHTML Spoof via setCapture Event Hijacking |
| Aug 2012 | IE10 Metro: Modal Window Domain Hidden by Solid Background |
| Jul 2012 | IE10 Address Bar Spoof via history.replaceState |
| May 2012 | IE10 Metro: Back Gesture Can Be Spoofed with Oversized Scrollable Div and iframe |
| May 2012 | IE10 Metro: Page Reload with Server Redirect Does Not Show Address Bar |
| May 2012 | IE10: Content and Address Bar Spoof via onunload Sync XMLHttpRequest Freeze |
| Mar 2012 | IE10: Referrer Spoofing via history.replaceState + Server Redirect + Reload |
| Nov 2011 | Address Bar Spoof via Redirect, iFrame Hijack, and document.write |
| Sep 2011 | IE10 Address Bar Spoof via history.pushState and Reload |
| Jul 2011 | XSS Filter Bypass by Spoofing the Referrer on Reload |
| Feb 2011 | IE9: InfoBar URL Spoofing via Navigate2 |
| Jan 2011 | IE9: setCapture Through Tabs Enables UI Spoofing |
| Jul 2010 | IE9 Referrer Spoofing Enables XSS Filter Bypass |
| Jul 2010 | IE9 InfoBar Domain Spoofing via Repeated window.open Calls |
| Jan 2010 | IE Address Bar Spoofing via Unload, Stop, and Reload |
| Feb 2009 | Address Bar Spoofing and About:Tabs Exploitation via res:// Domain |
| Aug 2008 | IE8 Compatibility View Redirect Address Bar Spoof |
| Aug 2007 | URL Spoofing via onbeforeunload — Vista-Compatible Variant |
| Aug 2007 | URL Spoofing via onbeforeunload and history.go(0) |
| Feb 2007 | HHControl Screen Spoof IE6 |
| Dec 2006 | Address Bar Spoof IE6 |