Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
Exploitability
AV:NAC:LAu:NImpact
C:NI:PA:N5/AV:N/AC:L/Au:N/C:N/I:P/A:N