Mozilla Corporation member Deb Richardson gives us this thorough tour of the new trust indicators in Firefox 3. Apparently Firefox will have a five-tiered color scheme, which goes (in decreasing order of trust):
Green - EV SSL Certificate. Complete idenity known, both domain and organization.
Blue - SSL Certificate. Partial identity know. Domain only.
Gray - no information.
Yellow - invalid certificate. Deb's example includes a self-signed certificate.
Red - phishing site.
The careful observer will notice that this scheme is very similar to (though not identical to) IE7's four-tier system of green, "clear" (white), yellow, and red. The meanings of yellow and red are subtly different. In IE7 certificate errors also earn red status, and yellow is reserved for "suspicious" sites. The meanings of green and clear/gray are identical in both browsers.
The seasoned Firefox user may also wonder with yellow becoming an indicator of untrustworthiness, what's happening to the old "gold" color that indicated an SSL session in earlier versions of Firefox. Although I still see gold in the beta I'm running on my desktop (beta 5), I have heard that the "gold" convention will be going away by the time Firefox goes GA.