Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Exploitability
AV:NAC:HAu:NImpact
C:NI:PA:N2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N