Mozilla Foundation Security Advisory 2010-83
Title: Location bar SSL spoofing using network error page
Announced: December 9, 2010
Reporter: Michal Zalewski
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.13
Google security researcher Michal Zalewski reported that when a window was opened to a site resulting in a network or certificate error page, the opening site could access the document inside the opened window and inject arbitrary content. An attacker could use this bug to spoof the location bar and trick a user into thinking they were on a different site than they actually were.