Security researcher Jeroen van der Gun reported that if invalid RSS or Atom XML content is loaded over HTTPS, the address bar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for phishing attacks where a malicious page can spoof the identity of another seemingly secure site.
Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeroen van der Gun as the original reporter.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
Via RHSA-2012:0516 https://rhn.redhat.com/errata/RHSA-2012-0516.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
Via RHSA-2012:0515 https://rhn.redhat.com/errata/RHSA-2012-0515.html