The problem is caused due to an unintended result of the IDN (International Domain Name) implementation, which allows using international characters in domain names.
This can be exploited by registering domain names with certain international characters that resembles other commonly used characters, thereby causing the user to believe they are on a trusted site.
Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_idn_spoofing_test/
The issue has been confirmed in Mozilla 1.7.5 and Firefox 1.0. A work-around until a fix/update is released can be found at http://forums.mozillazine.org/viewtopic.ph...15221 and involves commenting out a single line in one file in your Firefox profile directory.
Belchfire recommends you test your browser and do the suggested work-around and re-test to ensure you won't be 'spoofed' using this exploit. If using another browser and the spoofing test comes back positive, check the web site for your browser for updates or browser-specific info to correct the problem.
