You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0.1) > MFSA 2005-29
Mozilla Foundation Security Advisory 2005-29
Title: Internationalized Domain Name (IDN) homograph spoofing
Reporter: Eric Johanson
Products: Firefox, Mozilla Suite
Fixed in: Firefox 1.0.1
Mozilla Suite 1.7.6
Internationalized Domain Names (IDN) allow non-English speakers to use domains in their local language. Because many supported characters are similar to other (if not identical in some fonts) there is the possibility this could be used to construct perfect, indistinguishable phishing sites.
As a temporary measure the Mozilla Foundation has decided to turn off IDN and instead will display such domains in their raw "punycode" form. IDN will be re-enabled when the domain registries, standards bodies, and browser vendors can agree on a plan to prevent the use of IDN domains in phishing scams.
Upgrade to a fixed version.