Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the “Dialog Box Spoofing Vulnerability.”
secunia.com/advisories/12712
secunia.com/multiple_browsers_dialog_box_spoofing_test/
secunia.com/multiple_browsers_form_field_focus_test/
www.mozilla.org/security/announce/mfsa2005-05.html
www.redhat.com/support/errata/RHSA-2005-323.html
www.redhat.com/support/errata/RHSA-2005-335.html
exchange.xforce.ibmcloud.com/vulnerabilities/18864
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211