A new major security issue has been found in Firefox. In short, websites have access to the UI elements. With some fancy coding, they can use the actual UI components to create a spoofed browser window. They have access to all the UI parts, so they can add anything they want (like the secure padlock icon, the security certificate page, etc.). They can spoof a UI that looks however they want. Rather than having to actually have a fake SSL site that looks like a valid site, someone could just use the UI objects to make it look like that.
http://secunia.com/advisories/12188/ is the Secunia bulletin. http://bugzilla.mozilla.org/show_bug.cgi?id=244965 and http://bugzilla.mozilla.org/show_bug.cgi?id=252198 are applicable bug listings.