Mozilla Foundation Security Advisory 2013-37
Title: Bypass of tab-modal dialog origin disclosure
Announced: April 2, 2013
Products: Firefox, SeaMonkey
Fixed in: Firefox 20.0
Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site.