Mozilla Firefox 3.0.6 does not properly prevent the literal rendering
of homoglyph characters in IDN domain names, which allows remote
attackers to spoof URLs and conduct phishing attacks, as demonstrated
by homoglyphs of the / (slash) and ? (question mark) characters in a
subdomain of a .cn domain name, a different vulnerability than
Fixed in 3.0.7.
Ready to vote, I vote YES (together with #261386).
YES too, it's already in glsamaker anyway (even drafted).
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
This issue was resolved and addressed in
GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).