A vulnerability was discovered today in all Gecko-based browsers, such as Firefox, Mozilla and Netscape. It allows the possibility of website spoofing, in which case you'd actually see a small popup-style graphic which would cover the address bar and contain the spoofed URL. This would likely be fairly noticable for technically aware users, as the spoofed address text would likely be a few pixels too high/low on many skins, and the font would likely seem a bit 'off'. Until a proper patch is released, there is a simple workaround. Enter the address about:config in your address bar, and change the value network.enableIDN to False. Once the fix is available, you can re-enable it using the same method. This vulnerability does not apply to any version of IE, unless you've manually added IDN support. IE does not support IDN natively. ...ironic, isn't it? Microsoft's refusal to accept international browser standards actually spared IE a vulnerability instead of spawning another one!