This exercise assumes you have opened this page in a new tab by clicking on the button at the bottom of demo_DOM.html
Open the web console and type the following commands:
window.opener.location = 'https://mafia.org'
The possibility to change the location of the parent window can be exploited for phishing purposes: a new tab can change the location of the parent window and make it load some phishing webpage, for example a webpage that looks like a Google login page. Careless users may not notice that an old tab has loaded a new webpage: they will typically trust the tabs they had already opened. And because sometimes old tabs will require that you log in again, because some session has expired, they may not be surprised that they have to re-new their login.
This attack is called reverse tabnabbing. It is a variant of an earlier attack, that was called tabnabbing. Understanding how (reverse) tabnabbing works is not part of the exam material, but if you're curious, read this blog post by Brian Krebbs about tabnabbing. Following the blog of Brian Krebbs is a great way to keep up with current attack trends. He is a renowned security researcher and reporter who has been responsible for breaking many interesting security news stories.