Firefox IDN (International Domain Name) vulnerability - patched
Note: Patched means turned off, not fixed:
https://addons.mozilla.org/messages/307259.html
Until Mozilla releases a version of Firefox with IDN turned off by default, or an integrated fix, any new user of Firefox will be vulnerable, unless they know to go searching for the fix/patch. At time of writing there is no alert on the home page (getfirefox.com) and Firefox does not have an automatic update facility.
The reassuring thing about Internet Explorer is that fixes are pushed out via Windows Update, Automatic Update, the Download Centre and Microsoft Update, and the home page of Internet Explorer highlights the latest security updates.