support for ASCII coding being used for the International Domain Name (IDN) specification in order to allow domains to be typed with country-specific characters such as the Spanish "ñ" or German "ü" has revealed a spoofing flaw..

Source [betanews.com]

Because the flaw lies in the basic implementation of IDN, it's unclear how browser vendors will protect their users. Mozilla developers say they are working on a long-term solution to the issue, and in the meantime will instruct users on disabling IDN support.

Source: [news.netcraft.com]

The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration fucntions). There is no known workaround yet for Opera or Safari