The bad news is that there is a slightly obscure security flaw in Firefox. The good news is that it is dead simple to change Firefox’s configuration to plug the security hole.
A little background:
The flaw comes in the way that Firefox handles IDNs, Internationalized Domain Names. The whole point of IDNs is to let domain names use Unicode: their non-ASCII characters, i.e., characters in Chinese, Arabic, Cyrillic, etc., are translated by the web browser or other internet-using application into their ASCII equivalents.
More background can be found at the [Wikipedia entry for Internationalized Domain Names].
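The Unicode-to-ASCII translation described above, as an added example that is not part of the original post. It uses Python's built-in `idna` codec (IDNA 2003); the helper names and the sample hostnames are constructed for illustration.

```python
# Added example: show the ASCII ("xn--") form that an IDN-aware application
# looks up for a hostname containing non-ASCII characters.
# Assumption: Python's built-in "idna" codec (IDNA 2003) stands in for the
# browser's own conversion. All hostnames below are constructed samples.

ACE_PREFIX = "xn--"  # marks a label that encodes non-ASCII characters


def to_ascii(hostname):
    """Return the ASCII form of a hostname, converting it label by label."""
    labels = []
    for label in hostname.rstrip(".").split("."):
        if not label:
            raise ValueError("empty label in hostname: %r" % hostname)
        # Raises UnicodeError for labels that cannot be encoded (e.g. too long).
        labels.append(label.encode("idna").decode("ascii").lower())
    return ".".join(labels)


def idn_labels(hostname):
    """List (unicode_label, ascii_label) pairs for every IDN label found."""
    pairs = []
    for ace in to_ascii(hostname).split("."):
        if ace.startswith(ACE_PREFIX):
            pairs.append((ace.encode("ascii").decode("idna"), ace))
    return pairs


def describe(hostname):
    """One-line report for reviewing a hostname taken from a link or a log."""
    try:
        found = idn_labels(hostname)
    except (UnicodeError, ValueError) as exc:
        return "%s: not a valid hostname (%s)" % (hostname, exc)
    if not found:
        return "%s: plain ASCII, no IDN labels" % hostname
    detail = ", ".join("%s = %s" % pair for pair in found)
    return "%s -> %s [IDN labels: %s]" % (hostname, to_ascii(hostname), detail)


if __name__ == "__main__":
    for sample in ("www.example.com", "bücher.example", "www.münchen.example"):
        print(describe(sample))
```

Running it prints each sample hostname next to the ASCII form that is actually sent in a DNS lookup.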
There are currently two methods available to fix the problem: a patch or a manual configuration change. The Mozilla site has [instructions available].
To back up my dead simple claim, here is the entire procedure to manually update the configuration:
- Open a new tab in Firefox. (You are using Firefox right now, aren’t you?)
- Flip to the new tab and enter `about:config` in the address bar.
- Zoom into the settings for IDN support by typing `idn` in the Filter toolbar at the top of the page.
- Double-click on the entry for `network.enableIDN` so that it toggles the value from “True” to “False”.
- Close and restart Firefox, go back to `about:config` and verify that the setting is “False”.