[Full-disclosure] Firefox: about:blank is phisher's best friend

[Florian Weimer]

* Michal Zalewski:

> Similarly, he could spoof a native browser-originating modal warning or
> dialog to have the user do something dumb. This problem was addressed by
> forcibly prepending current site name to window title for all URL-bar-less
> windows, so that the Internet origin of such a pop-up is clear, and so
> that it will have a hard time mimicking a native window.

This is the first time I read about the forced window title change.  I
hadn't noticed it earlier.  Do you think this is a good enough
security indicator (or indicator of origin, to be more precise)?