This page opens a window to "", injects malicious code, and then uses
window.open.call
to set its opener to the victim. The opened window then tries to scripts its opener.