Phishing Flaw in Every Browser but IE

Got this from

This web page describes a spoof that every browser but IE allows. As near as I can tell it has to do with the fact that IDNs (International Domain Names) can have country- or language-specific characters in them, yet the display like English characters. So you will see a URL that appears to be, for instance, but it’s actually http://www.p& — the “&amp#1072” is an accented “a”.

You can circumvent this problem in Firefox but the fix doesn’t persist across browser restarts. Opera’ssupposedly got a fix for it now.