#257126 - Tue Feb 08 2005 09:44 AM Internet Browsers: Security Flaw
ladymacb29 Offline
Moderator

Registered: Wed Mar 15 2000
Posts: 16214
Loc: The Delta Quadrant
For once, IE doesn't have the problem.

http://www.msnbc.msn.com/id/6930868/

Apparently, this problem is because "The newly discovered exploit takes advantage of the fact that characters that look alike can have two separate codes in Unicode and thus appear to the computer as different. For example, Unicode for "a" is 97 under the Latin alphabet, but 1072 in Cyrillic.

"Subbing one for the other can allow a scammer to register a domain name that looks to the human as "paypal.com," tricking users into giving passwords and other sensitive information at what looks like a legitimate site."
_________________________
"Without the darkness, how would we see the light?" ~ Tuvok

Editor for Television Category
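
Added example, not part of the original thread or the linked article: a small Python check for the look-alike substitution quoted above (Latin "a" = 97, Cyrillic "а" = 1072). It flags hostname labels that mix scripts and shows each label's ASCII (punycode) form. The function names and sample hostnames are constructed for illustration, and the script is approximated from the Unicode character name.

```python
import unicodedata

def char_script(ch):
    """Approximate a character's script from its Unicode name,
    e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    if ch.isdigit() or ch == "-":
        return "COMMON"  # digits and hyphens are shared by all scripts
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def inspect_hostname(host):
    """Return one finding per label: scripts used, ASCII form, verdict."""
    findings = []
    for label in host.lower().split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        # Python's built-in IDNA codec gives the 'xn--' form sent on the wire.
        ace = label.encode("idna").decode("ascii")
        if label.isascii():
            verdict = "ascii"
        elif len(scripts) > 1:
            verdict = "mixed-script"       # e.g. Latin letters plus one Cyrillic
        else:
            # A label written entirely in one non-Latin script is not flagged
            # here; displaying the ASCII form is what exposes that case.
            verdict = "single-script-idn"
        findings.append({"label": label, "scripts": sorted(scripts),
                         "ace": ace, "verdict": verdict})
    return findings

def is_suspicious(host):
    """True if any label mixes characters from more than one script."""
    return any(f["verdict"] == "mixed-script" for f in inspect_hostname(host))

if __name__ == "__main__":
    # Constructed sample hostnames; \u0430 is CYRILLIC SMALL LETTER A.
    samples = ["paypal.com", "p\u0430ypal.com",
               "\u043f\u0440\u0438\u043c\u0435\u0440.com"]
    for host in samples:
        for f in inspect_hostname(host):
            print(f"{host!r:28} {f['ace']:20} {f['verdict']:18} {f['scripts']}")
        print("  suspicious:", is_suspicious(host))
```
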

#257127 - Wed Feb 09 2005 02:30 AM Re: Internet Browsers: Security Flaw
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5473
Loc: South of England
It is possible to avoid being caught by this. I notice this in the article regarding e-mail links:
Quote:

A better solution is to always manually type Web address directly into a browser rather than clicking on a link sent via e-mail or even copying and pasting that link.



Further to that, never follow a link from any website that leads to any money based site such as your bank or a PayPal account. Always go to the site's homepage and follow the site's internal links leading to the pages where information is entered about credit cards or account numbers. Alternatively (or even preferably), only use your regular bookmarks to get to sites that might involve typing financial details in.

Although the article highlights yet another way that villains might trick people into giving away bank or credit card details, 'Phishing' tactics in general have been around for a while now. Most of these apply to IE as well. Even though this particular method of site spoofing only affects newer browsers supporting the extra characters, it should still be possible to avoid being fooled by following the same established practices mentioned above.

It would be best to make these cautionary measures part of the ABC of using the Internet and e-mail. It's a bit like the rule about not opening e-mail attachments when the origins of it are unknown. Treat not clicking on e-mail links (or those on the Web) to PayPal, banks etc. with the same importance as that and all should be well.

There is a Firefox workaround available for this vulnerability. It involves editing a file, so perhaps many Firefox users won't want to do it. Read how to effect the fix here

A demonstration of the vulnerability can be seen here. Just read what the expected results are and click on the link in the page (lower down the page are links that lead to tests for other non-IE browsers). If you decide to modify the Firefox file, try a 'before and after' file modification test. You'll find the fix does work.

Talk of vulnerabilities in any browser is always unsettling. However, with caution, most risks can be greatly reduced. Despite this vulnerability, other browsers are still more secure than IE in my opinion, mainly because they don't use active scripting (ActiveX). Unfortunately, there will always be those who look for ways to breach the security of any browser. None of them will ever be completely immune to that. All you can do is choose the one you think is best and least vulnerable. As ladymacb has shown though, it is still necessary to be on your guard even if you do come away from IE.
_________________________
Error: Keyboard not attached. Press any key to continue..

#257128 - Thu Feb 10 2005 04:46 PM Re: Internet Browsers: Security Flaw
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5473
Loc: South of England
An upgraded version of 'Spoofstick' for Firefox has been released. This one can detect a site attempting to exploit this newly discovered vulnerability.

Download it from here
_________________________
Error: Keyboard not attached. Press any key to continue..


Moderator:  flopsymopsy, ladymacb29