Multiple Web Browser International Domain Name Handling Site Property Spoofing Vulnerabilities
Multiple browsers are reported prone to vulnerabilities that surround the handling of International Domain Names.
The vulnerabilities are caused by inconsistencies in how International Domain Names are processed. Reports indicate that attackers can leverage this to spoof address bars, status bars, and SSL certificate values.
Remote attackers may exploit these vulnerabilities in phishing-style attacks. Through a false sense of trust, users may voluntarily disclose sensitive information to a malicious website.
Although these vulnerabilities are reported to affect browsers, mail clients that depend on the browser to generate HTML code may also be affected.