The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.
The vulnerability has been confirmed in Mozilla 1.7.8, FireFox 1.04, and Camino 0.8.4. Prior versions may also be affected.
Solution:
Do not browse untrusted web sites while browsing trusted sites.
