Saw it on /. Multiple Browsers Window Injection Vulnerability Test. Secunia claimed that
all most modern browsers are vulnerable to this attack, which allows another site to replace the URL of a popup window in a legitimate site. For example, go to a bank site, click on the link to popup the login window, and then type in your username and password unaware of that the content has already been replaced to post the entered information to the hackers.
Anyway, it has already been reported as a bug on Mozilla, and thanks to Open Source it would probably be rectified soon.