firefox is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker.
hg.mozilla.org/mozilla-central/rev/cadddabb1178
lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
secunia.com/advisories/40283
www.mozilla.org/security/announce/2010/mfsa2010-45.html
www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.7
www.redhat.com/security/updates/classification/#critical
access.redhat.com/errata/RHSA-2010:0547
bugzilla.mozilla.org/show_bug.cgi?id=556957
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8248