Someone has come up with a Firefox exploit — one that doesn't affect IE users!
You can find links to the details, at Boing Boing: Shmoo Group exploit. Here, however, is the simple info on how to protect yourself (probably):
1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN — this is International Domain Name support, and it is causing the problem here. We want to turn this off — for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.
I say “probably” because even though this fix works for me, there are reports that it doesn't work for everyone. The test of the exploit is here.