Secunia has reported yesterday about a new Windows Injection vulnerability which affects all browsers out, from Internet Explorer to Mozilla Firefox, Opera, Konqueror, Safari, Netscape. 
This vulnerability allows a malicious website to inject content into another site's window if the target name of the window is known. This can be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
Here is a demonstration of the vulnerability built by Secunia for testing...solution? For the moment nothing on the air, only recommendation: do not browse untrusted sites while browsing trusted sites.