The Mozilla project’s family of browsers contain a design
flaw that can allow a website to spoof almost perfectly any
part of the Mozilla user interface, including spoofing web
sites for phishing or internal elements such as the “Master
Password” dialog box. This achieved by manipulating “chrome”
through remote XUL content. Recent versions of Mozilla have
been fixed to not allow untrusted documents to utilize
“chrome” in this way.