The Mozilla Foundation, the not-for-profit promoter of
open source, has updated its Firefox browser to block a number of
reported vulnerabilities.
The update deals with a recently reported vulnerability common
to a number of browsers that support the Internationalised Domain
Names (IDN) standard, which handles special character sets in
domain names.
IDN allows companies to register domain names that appear to be
the same in different languages. But this encoding scheme can allow
an attacker to create a fake website for a phishing scam.
A spoofed link can appear to be a legitimate URL in the address
bar of affected browsers, but instead of taking the victim to the
trusted site, the link leads to a phishing website that will try
to glean personal details from the user.
The new Firefox 1.0.1 blocks this vulnerability by showing users
that they have been transferred to a different domain and are not
on the same trusted site.
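
One way to surface the real domain behind a lookalike IDN link, as an added example (not Firefox code and not part of the original article): convert the hostname to the ASCII "xn--" form that is actually looked up in DNS and flag labels that mix scripts. The hostnames are constructed samples, and deriving a script from the Unicode character name is a heuristic assumed here.

```python
import unicodedata

# Constructed sample: "example.com" with U+0430 (Cyrillic "a") in place of Latin "a".
CONSTRUCTED_LOOKALIKE = "ex\u0430mple.com"
# Constructed sample: an ordinary single-script IDN (German u-umlaut).
CONSTRUCTED_PLAIN_IDN = "b\u00fccher.example"


def script_of(ch):
    """Rough script name taken from the Unicode character name (heuristic)."""
    if ch in "0123456789-":
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]   # e.g. "LATIN", "CYRILLIC"
    except ValueError:
        return "UNKNOWN"


def inspect_host(host):
    """Return (ascii_form, findings) for a hostname.

    ascii_form is the Punycode name that is resolved in DNS; findings lists
    every non-ASCII label as (label, kind, scripts), where kind is
    "mixed-script" when one label combines several scripts.
    """
    host = host.lower()
    ascii_form = host.encode("idna").decode("ascii")
    findings = []
    for label in host.split("."):
        if label.isascii():
            continue
        scripts = sorted({script_of(c) for c in label} - {"COMMON"})
        kind = "mixed-script" if len(scripts) > 1 else "non-ascii"
        findings.append((label, kind, scripts))
    return ascii_form, findings


if __name__ == "__main__":
    for name in ("example.com", CONSTRUCTED_LOOKALIKE, CONSTRUCTED_PLAIN_IDN):
        ascii_form, findings = inspect_host(name)
        print(f"{name!r:24} -> {ascii_form}")
        for label, kind, scripts in findings:
            print(f"    {kind}: {label!r} uses {', '.join(scripts)}")
```
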
Microsoft’s Internet Explorer is not affected by the
vulnerability as it does not support IDN.
Mozilla says there have been 27 million downloads of Firefox
since it was launched last year. Version 1.0.1 is available from
www.mozilla.org.