Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
https://exchange.xforce.ibmcloud.com/vulnerabilities/33487
http://www.securityfocus.com/archive/1/464041/100/0/threaded