firefox is vulnerable to phishing attack. The vulnerability exists as several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials.
lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
secunia.com/advisories/34758
secunia.com/advisories/34780
secunia.com/advisories/34843
secunia.com/advisories/34894
secunia.com/advisories/35042
secunia.com/advisories/35065
secunia.com/advisories/35536
sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
www.debian.org/security/2009/dsa-1797
www.mandriva.com/security/advisories?name=MDVSA-2009:111
www.mandriva.com/security/advisories?name=MDVSA-2009:141
www.mozilla.org/security/announce/2009/mfsa2009-18.html
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2009-0436.html
www.redhat.com/support/errata/RHSA-2009-1126.html
www.securityfocus.com/bid/34656
www.securitytracker.com/id?1022097
www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
www.ubuntu.com/usn/usn-782-1
www.vupen.com/english/advisories/2009/1125
access.redhat.com/errata/RHSA-2009:0436
access.redhat.com/errata/RHSA-2009:1126
access.redhat.com/security/cve/CVE-2009-1308
bugzilla.mozilla.org/show_bug.cgi?id=481558
bugzilla.redhat.com/show_bug.cgi?id=496266
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
usn.ubuntu.com/764-1/
www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html