Hi Bill, They have released a fix for Firefox which seems to address this issue
http://secunia.com/multiple_browsers_idn_spoofing_test We've had varying reports back of success using this. As far as I understand any changes you make using about:config aren't retained after you've shutdown Firefox. I believe you need to create a user.js file and drop it into your firefox profile directory (where the prefs.js file resides) to make the change permanent. The user.js file should have the following line user_pref("network.enableIDN", false); Best regards, Nick Managing Director e3internet http://www.e3internet.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 10 February 2005 01:59 To: discuss-list@opensrs.org Subject: International domain names may pose threat Fun stuff, eh? Security experts are warning about a new threat to Web surfers: malicious Web sites that use international domain names to spoof the Web addresses of legitimate sites. Attackers could register a Web domain "bloomberg.com," which looks identical to the popular business news Web site, but in which the letters "o" and "e" have been substituted with identical-looking substitutes from the Cyrillic alphabet, used in the Russian language, creating a new domain, the authors said. In another example, the authors registered the domain www.microsoft.com, in which the English letters "c" and "o" in that domain were substituted with their Cyrillic counterparts. More at http://www.computerworld.com/securitytopics/security/story/0,10801,99613 ,00.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 07/02/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 10/02/2005
