Boing Boing reports an exploit that most browsers, except IE, are vulnerable to.
Shmoo Group demonstrates the exploit, and explains its workings.
Following the proposed fix for Firefox worked for me, though there are reports that it might not work for all.
1) Go to your Firefox address bar. Enter about:config and press Enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN — this is International Domain Name support, and it is causing the problem here. We want to turn this off — for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to ‘true’. Change it to ‘false’ (no quotes!), click OK. You are done.
4) Go check out the shmoo demo again and notice it no longer works. (Chris Smith)
UPDATE:
Firefox has released an update which fixes the problem.
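
To see what International Domain Name support does to a hostname, here is an added example (not from the original post or from Shmoo Group): a Python check that converts a hostname to the ASCII form that is actually looked up and flags labels that mix letters from more than one script. The sample hostnames are constructed, and deriving the script from Unicode character names is an approximation.

```python
import unicodedata

def scripts_in(label):
    """Approximate the scripts used by a label's letters via Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_host(host):
    """Return the ASCII (looked-up) form of a hostname plus IDN and mixed-script flags."""
    host = host.strip().rstrip(".").lower()
    try:
        ace = host.encode("idna").decode("ascii")    # form sent to DNS
        shown = ace.encode("ascii").decode("idna")   # form a user would read
    except UnicodeError:
        # Not a valid IDNA name (empty or over-long label, bad characters): flag it.
        return {"ace": None, "unicode": host, "idn": True,
                "mixed_script": False, "valid": False}
    return {
        "ace": ace,
        "unicode": shown,
        "idn": any(l.startswith("xn--") for l in ace.split(".")),
        "mixed_script": any(len(scripts_in(l)) > 1 for l in shown.split(".")),
        "valid": True,
    }

# Constructed sample hostnames (not taken from the post or the demo).
SAMPLES = [
    "example.com",            # plain ASCII
    "m\u00fcnchen.example",   # IDN written in a single script
    "ex\u0430mple.com",       # Cyrillic U+0430 in place of Latin "a"
]

if __name__ == "__main__":
    for name in SAMPLES:
        r = inspect_host(name)
        print(f"{r['unicode']!r:24} -> {r['ace']}  "
              f"idn={r['idn']} mixed={r['mixed_script']}")
```

The third sample renders almost identically to the first, but its ASCII form begins with `xn--`, which is the difference the address bar hides when IDN display is on.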