Brent, this is a little unsettling. I ran the test which returned a positive response indicating I am vunerable. In the absence of a fix I assume the exposure comes when a pfishing attempt is made and I respond to the request.
Am I thinking correctly as you read the article? If so the moral of the story is to never respond to requests for information of this type from anyone via the Internet. Already this is my practice. Sad, sad!!
Pop-up Loophole Opens Browsers to Phishing Attacks
Security firm Secunia has warned that most Web browsers are vulnerable to a simple "phishing" technique that could make fraudulent content appear genuine. The Copenhagen, Denmark, company on Wednesday published five advisories on the issue, covering fully patched, standard versions of Internet Explorer, Firefox, Opera, Konqueror and Safari. Secunia also published a demonstration allowing users to test their browsers. The test appeared to work on both Windows and Mac OS X platforms.
The problem is in the way browsers handle pop-up windows, which are used by many trusted sites such as banks. Because browsers aren't designed to check whether another site is allowed to change the content of a pop-up window, a malicious site can insert its own content into any pop-up window, as long as the target name of the window is known, Secunia said.
Test your browser: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/