view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to 1 bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; 2 read, create, or modify...

Secure site lock can be spoofed with view-source: — Mozilla

Kohei Yoshino reports the secure site lock icon can be spoofed by using a view-source: URL targeted at the secure site whose credentials you want to appropriate. An insecure page of the attackers choice can then be loaded while the lock icon shows the previous secure state...