Bugzilla

So the concept of the attack has been firstly [addressed in 2001](https://en.wikipedia.org/wiki/IDN_homograph_attack#Homographs_in_internationalized_domain_names).

Discussed again in 2017 [[1](https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/)], [[2](https://www.xudongz.com/blog/2017/idn-phishing/)], [[3](https://www.reddit.com/r/netsec/comments/65csdk/phishing_with_unicode_domains/)].

Noticed by top privacy/security projects like [TorProject](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21961) and [Whonix](https://forums.whonix.org/t/very-hard-to-notice-phishing-scam-firefox-tor-browser-url-not-showing-real-domain-name-homograph-attack-punycode/8373).

So, after about 23 years of real phishing threat, what did the Mozilla security team decide to do? Yep, exactly—close the related tickets and remove the ability to display fake URLs from browser.