CVE-2009-0652 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652): Mozilla Firefox 3.0.6 does not properly prevent the literal rendering of homoglyph characters in IDN domain names, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233.
Fixed in 3.0.7. Ready to vote, I vote YES (together with #261386).
YES too, it's already in glsamaker anyway (even drafted).
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).