Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
https://bugzilla.mozilla.org/show_bug.cgi?id=257308
https://exchange.xforce.ibmcloud.com/vulnerabilities/19166
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11297
http://www.mozilla.org/security/announce/mfsa2005-03.html