And it explains why several users here have recently managed to get rogue AV scanners installed.
How to combat this? Dunno. Tineye type reverse image search on the generated page looking for a score above a threshold match to genuine Firefox alert screens? Would that be too slow?