https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
bjm_:https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
According to the 19-Apr-2017 release notes for Chrome 58.0.3029.81 this punycode / homographic attack issue (Bug 683314 / CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng) was fixed in the latest release of Chrome.
Firefox apparently uses a set of whitelisted domains (see http://kb.mozillazine.org/Network.IDN.whitelist.* - the Caveats section notes that the whitelisted domain owner's preference will only be honoured if network.IDN_show_punycode is set to False) as well as blacklisted character combinations (see http://kb.mozillazine.org/Network.IDN.blacklist_chars) but it looks like hackers have discovered a back door that can evade Mozilla's system unless network.IDN_show_punycode is set to True.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.1 * NIS v22.9.1.12 * MBAM Premium v2.2.1
https://www.ghacks.net/2017/04/17/punycode-phishing-attack-fools-even-die-hard-internet-veterans/
How to fix this in Firefox:
In your firefox location bar, type ‘about:config’ without quotes.
Do a search for ‘punycode’ without quotes.
You should see a parameter titled: network.IDN_show_punycode
Change the value from false to true.