firefox is vulnerable to phishing attacks. The vulnerability exists as a flaw was found in the way Firefox handled RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused Firefox to display the address of said content in the location bar, but not the content in the main window. The previous content continued to be displayed. An attacker could use this flaw to perform phishing attacks, or trick users into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker.
secunia.com/advisories/48920
secunia.com/advisories/48922
secunia.com/advisories/48972
secunia.com/advisories/49047
secunia.com/advisories/49055
www.debian.org/security/2012/dsa-2457
www.debian.org/security/2012/dsa-2458
www.debian.org/security/2012/dsa-2464
www.mandriva.com/security/advisories?name=MDVSA-2012:066
www.mandriva.com/security/advisories?name=MDVSA-2012:081
www.mozilla.org/security/announce/2012/mfsa2012-33.html
www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
www.securityfocus.com/bid/53224
access.redhat.com/errata/RHSA-2012:0515
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=714631
exchange.xforce.ibmcloud.com/vulnerabilities/75156
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011