Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths are not displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux and Mozilla Firefox 1.0.
a34b640f70ddc606dfd05747def65a8fcb3787cf889e9e3a01a9b0f7515e55b9