Well the latest modern browsers including Firefox , Chrome can be tricked to show a URL in address bar while I push a different file from other website. Wondering what harm that can cause? Well lets say the cyber criminals design a website that looks like a video player and asks you to update flash player when you try to play, when you click download then you see in your browser address that you are bing redirected to adobe website (its a real adobe flash download URL) but a totally different file can be downloaded. See the screenshot below to have a clear understanding.
http://cl.ly/image/0u462Z1m1w3x go here for full size picture.
http://cl.ly/image/3e2B1b261W2G go here for full size image
This vulnerability works both in Firefox and Chrome , in Windows , Linux and Mac.
Update 1: The vulnerability can be seen on this link in a sanboxed environment (NO Harm will e done to your computer if you check this link) https://hack.me/101097/browser-url-spoofing.html