I just installed Firefox ver 1.01.
The open-source project released Firefox 1.0.1 to fix, among other bugs, a vulnerability in the Internationalized Domain Names (IDN), a standard for handling special character sets in domain names that lets companies register domain names that appear to be the same in different languages.
The IDN vulnerability allowed an attacker to create a fake Web site on a non-Microsoft browser in order to pull off a phishing scam. A spoofed link would seem to be a legitimate URL in the address bar of affected browsers. But instead of taking the victim to the trusted site, the link would lead to a phony Web site with a domain rendered as the same address under the IDN process.
The updated browser will display the IDN Punycode in the address bar, preventing URL spoofing. Punycode is the encoding of Unicode strings into the limited character set supported by the Domain Name System and IDN.
Posted by Linkmeister at February 25, 2005 09:30 AM