A new version of the Mozilla Firefox browser fixes a flaw that made users vulnerable to online fraud. The flaw allowed fraudsters to set up fake Web sites with names indistinguishable from legitimate companies.
It worked because, to a Firefox user, a Web address with one Cyrillic letter in place of the Latin-script letters used in English could look indistinguishable from an address written completely in Latin script. For instance, a Cyrillic "a" looks just like the Latin "a," but if used in a Web address, it will send the surfer to a different site.
Firefox 1.0.1, released last week, shows Web addresses with foreign scripts in code, preceded by the letters "xn." So "paypal.com" with a Cyrillic "a" becomes "xn--pypal-4ve.com."
This means that perfectly legitimate Web sites with names in, say, Latvian, will display with the "xn" prefix.
The Mozilla Foundation, which distributes the browser, said the change is temporary, but a long-term solution requires industry cooperation.
The latest "beta" version of the Opera browser, also released last week, makes a similar change. It displays Web addresses in the original script only if they are registered in countries that Opera considers to have proper controls against scam addresses.
Web addresses in foreign scripts do not work in Microsoft Corp.'s Internet Explorer without installing a special plug-in.