The flaw affects a broad range of browsers that use the open-source Gecko browser kernel. Anyone using Firefox, Safari, or the like, could be visiting spoofed sites without realizing it. Since some phishing scams rely on fake sites to collect personal information, users could be opening themselves up to identity theft.

The spoofing flaw arises from the way that browsers handle Web addresses that include international characters in International Domain Name URLs. The flaw can be exploited by registering domain names with international characters that resemble more commonly used characters. For example, a zero can be put in place of the letter "O" leading to the registration of "Micr0s0ft.com."