Secure-site spoof (requires security warning dialog) — Mozilla

Tristor reports that it was possible to spoof the browser's secure-site indicators the lock icon, the site name in the URL field, the gold URL field background in Firefox by first loading the target secure site in a pop-up window, then changing its location to a different site...