[clusmore]

Just to be clear, you're referring to real Firefox address bar (pointing to TFA), not the fake Chrome address bar (pointing to hsbc.com). So yes, in this case Firefox has (accidentally?) somewhat thwarted this attack vector.

[tty2300]

It certainly looks accidental. It hides on scroll on other pages but this one causes it to half hide and then it pops back up again.

[grahamburger]

I noticed this as well. I'm wondering if FF is smart enough to always show it's own title bar if a CSS element is pinned to the top of the viewport? Gotta do more testing ...