Mozilla based browsers (Firefox, Netscape, etc), Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing by "subjectAltName:dNSName" extensions.
bea6d858652bffab5a7023af650bba3ef9010cf7d7f2166821b4a21d8b7abec7