The flaw is really in the IDN implementation. It allows a URL to be spoofed, as well as the SSL certificate and status bar. How do we remedy this problem? For right now you need to type in or copy and paste URLs from sites that you do not “trust”. I have not found anything from the folks at Mozilla about when a fix will be released.