No sooner had the trumpets blared for Firefox as a secure alternative to Internet Explorer, than somebody goes and finds a hole in it.
According to the Register, a loophole in Mozilla, Firefox, Opera, Netscape, Safari, Konqueror and others, means the URL display could be spoofed.
The bug could be exploited by registering domain names with certain international characters - which look like other commonly-used characters - in order to hoodwink users into believing they on a different, trusted site. As such, the bug creates a new wheeze for phishing attacks. For Germans to use national German characters in ".de" domains, for example, is one thing, but the use of national characters has been extended to the international domain space (.com, .net an .org) and extends the scope for confusion.
Apparently it's not a design flaw in the browsers themselves, but the implementation of international domain names. Though surely, it's the job of designers and programmers to watch this stuff.
Meanwhile, it appears that Firefox is looking for a commercial partner. Sayeth ZDNet:
[Tristant Nitot] The European head of the Mozilla Foundation, which manages the browser's development, predicts that the product now has enough credibility to attack the commercial and public sector worlds.
"In order to woo businesses and government organizations, we are developing complementary administration tools to the browser to make it easier to deploy to a network," he said.
"We're also looking at getting together with a commercial partner, which will provide technical support and other services around Firefox."
A commercial partner for Firefox. Hmmm.
