Ah, firefox has hit the big time. Why? It has a bug that IE doesn’t. It has to do with IDN names mimicking real domains, IE hasn’t implemented this yet. They use the international characters to make it look like you are at a different site. In order to get this to work, they have to get you to click a link – so there will be phishing scams coming I’m sure. Try the demo out here. Full info on the exploit here.
Someone has shown how to disable IDN here.