Phishing Flaw in Every Browser but IE

Got this from digg.com:

This web page describes a spoof that every browser but IE allows. As near as I can tell it has to do with the fact that IDNs (International Domain Names) can have country- or language-specific characters in them, yet they display like English characters. So you will see a URL that appears to be, for instance, http://www.paypal.com but it’s actually http://www.p&#1072;ypal.com — the “&#1072;” is an accented “a”.

You can circumvent this problem in Firefox but the fix doesn’t persist across browser restarts. Opera’s supposedly got a fix for it now.
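A defensive check for the look-alike hostname described above, as an added example that is not part of the original post: it converts a hostname to the ASCII (punycode) form that is actually resolved and flags any label that mixes scripts. The function names are hypothetical, the script detection is a heuristic based on Unicode character names, and the sample hostnames are constructed from the post's example (the character reference 1072 is U+0430).

```python
import unicodedata


def to_ascii(hostname: str) -> str:
    """Return the ASCII (punycode) form of a hostname, as used in DNS lookups."""
    return hostname.encode("idna").decode("ascii")


def scripts_in(label: str) -> set:
    """Heuristic: the first word of a letter's Unicode name is its script."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def inspect_host(hostname: str) -> dict:
    """Accept either the Unicode or the xn-- form and report mixed-script labels."""
    if hostname.isascii():
        unicode_form = hostname.encode("ascii").decode("idna")
    else:
        unicode_form = hostname
    mixed = []
    for label in unicode_form.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:  # e.g. Latin letters with one Cyrillic letter
            mixed.append((label, sorted(scripts)))
    return {
        "unicode": unicode_form,
        "ascii": to_ascii(unicode_form),
        "mixed_script_labels": mixed,
    }


if __name__ == "__main__":
    # Constructed samples: the genuine name and the look-alike from the post,
    # where the second character is U+0430 (decimal 1072).
    for host in ("www.paypal.com", "www.p\u0430ypal.com"):
        report = inspect_host(host)
        verdict = "SUSPICIOUS" if report["mixed_script_labels"] else "ok"
        print(f"{verdict:10} {report['ascii']:24} {report['mixed_script_labels']}")
```

Displaying the `ascii` value instead of the Unicode form whenever `mixed_script_labels` is non-empty makes the difference between the two hostnames visible to the user.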