Just about every browser out there - and, funnily enough, NOT Internet explorer - seems to have a spoofing flaw. Apparently, it's been discovered that anything built on the Gecko engine will allow the spoofing of an URL in the address bar, SSL certificate and status bar. Firefox, Opera, Mozilla, Netscape, Camino, OmniWeb, Safari and Konqueror are all affected.
The flaw is due to an unintended result of the implementation of International Domain Names which permits the use of international characters in domain names.
According to Secunia, this could be exploited by registering domain names with certain international characters that resembled other commonly used characters, thereby causing the user to believe he or she was on a trusted site.