The Mozilla Foundation on Thursday released an update to the Firefox Web browser to fix several vulnerabilities, including one that would allow domain spoofing.
The open-source project released Firefox 1.0.1 to fix a vulnerability in the Internationalized Domain Names (IDN), a standard for handling special character sets in domain names that could let an attacker spoof Web sites on non-Microsoft browsers. The standard allows companies to register domain names that appear to be the same in different languages.
That encoding scheme could enable an attacker to create a fake Web site for a phishing scam. A spoofed link would seem to be a legitimate URL in the address bar of affected browsers. But instead of taking the victim to the trusted site, the link would lead to a phony Web site with a domain rendered as the same address under the IDN process.
The update is available for Windows, Mac OS X and Linux at Mozilla.org.