Security researcher 3ric Johanson reported in discussions with Richard Newman and Holt Sorenson thatVerisign"s prevention measures for homograph attacks using InternationalizedDomain Names (IDN) were insufficiently rigorous, and this led to a limited possibility for domain spoofing in Firefox. IDN allows non-English speakers to use domains in their local language. Manysupported characters are similar or identical to others in English, allowing for the potential spoofing of domain names and for phishing attacks when not blocked. In consultation with Verisign, Mozilla had added .com, .net, and .nametop-level domains to its IDN whitelist, allowing for IDN use in those top-leveldomains without restrictions. However, it became clear that a number of historical dangerous registrations continued to be valid. This issue has been fixed by removing the .com, .net, and .name top-leveldomains from the IDN whitelist, and supplementing the whitelist implementation with technical restrictions against script-mixing in domain labels. These restrictions apply to all non-whitelisted top-level domains. More information on the exact algorithm used can be found here .