CVE-2007-1970 Information

Description

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

Reference

http://osvdb.org/34536 http://www.securityfocus.com/archive/1/464719/100/0/threaded