User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 View the testcase that is attached to this bug, and follow the instructions. You will see that a user can be tricked into downloading a file from what they believe to be a trusted site, when it is coming from a site opened in a different tab. Reproducible: Always Steps to Reproduce: 1.Go to the testcase shown. 2.Open the link in a new tab, and go to that tab. 3.A download dialog will appear, which can trick users into downloading something they beleive to be from a trusted site. Actual Results: Download box displays on citibank's site. Expected Results: Gone back to the tab that has the javascript calling for the download.

This shows the bug, and the ability to trick users.

I see that while the from url is shown, coupled with https://bugzilla.mozilla.org/show_bug.cgi?id=275417 , users can be tricked a lot more easily.

dupe of third testcase in bug 262887 *** This bug has been marked as a duplicate of 262887 ***

No, this is different. The one you are referring to reverts to the tab triggering the event, while this one does not.