BEAST (Browser Exploit Against SSL/TLS) was recently unveiled by a pair of researchers at a convention in Buenos Aires.
Newer versions of TLS (1.1, 1.2) are not susceptible to the attack, but those versions are not yet implemented in the Firefox, Chrome, or Safari browsers. Because of the way the protocol works, a web server set to use a higher version will not work with a browser on a lower version, so to maximize compatibility, most sites are still on TLS 1.0. Even though the weakness has been remedied in the newer versions, the vast majority of sites and browsers remain vulnerable to this attack.
I don’t have all of the details around the attack, but it would seem that this could be combined with Cross-site scripting (XSS) in a phishing scheme.