Although I find this vulnerability a little farfetched (but coming from Secunia, it doesn't surprise me that much, anymore...), here it is, so you guys know about it.

The proof of concept wouldn't fool me, since my Mozilla browsers are set not to allow the status bar, menu bar, buttons bar and a bunch of stuff more to be hidden via JavaScript but in a default Firefox instalation, I think it would.

The Slashdot article:
http://it.slashdot.org/it/04/07/31/0037210.shtml?tid=154&tid=128&tid=172

The advisory:
http://secunia.com/advisories/12188/

The proof of concept:
http://www.nd.edu/~jsmith30/xul/test/spoof.html