Safari
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0234
Impact: Maliciously registered International Domain Names (IDN) can make URLs visually appear as legitimate sites.
Description: Support for Unicode characters within domain names (International Domain Name support) can allow maliciously registered domain names to visually appear as legitimate sites. Safari has been modified so that it consults a user-customizable list of scripts that are allowed to be displayed natively. Characters based on scripts that are not in the allowed list are displayed in their Punycode equivalent. The default list of allowed scripts does not include Roman look-alike scripts. Credit to Eric Johanson (ericj@shmoo.com) for reporting this issue to us. More information is available here (9).
OK, it took 6 weeks.