The Mozilla Foundation, the not-for-profit promoter of open source, has updated its Firefox browser to block a...
number of reported vulnerabilities.
The update deals with a recently reported vulnerability common to a number of browsers that support the Internationalised Domain Names (IDN) standard, which handles special character sets in domain names.
IDN allows companies to register domain names that appear to be the same in different languages. But this encoding scheme can allow an attacker to create a fake website for a phishing scam.
A spoofed link can appear to be a legitimate URL in the address bar of affected browsers, but instead of taking the victim to the trusted site, the link leads to a phishing website that will try and glean personal details from the user.
The new Firefox 1.0.1 blocks this vulnerability by showing users that they have been transferred to a different domain and are not on the same trusted site.
Microsoft’s Internet Explorer is not affected by the vulnerability as it does not support IDN.
Mozilla says there have been 27 million downloads of Firefox since it was launched last year. Version 1.0.1 is available from www.mozilla.org.