Porteus

Pale Moon has
network.IDN_show_punycode;false
set by default

but nonetheless Pale Moon showes
"xn--80ak6aa92e.com/"
not "apple.com"

...several less mainstream browsers are fortunately not vulnerable...

network.IDN_show_punycode;false- allow to show site in International codepages,
Setting it true break showing domain.

Itself such kind phishing attack already blocked by SSL certificate authority checks. And if you see warning that it mismatched for your well-known domain - that the problem.

It is for ssl connection. For http there no cure - waiting for fix.

Anyway all wide-spread browser quite vulnerable - all based on Mozilla or any other engines - chrome, ie, opera, etc.

Neve save passord in password managers, use proper extensions, use hardering for your browser - and do not visit malicious sites - like porno, torrent, etc - if you have enabled scripts on this sites - well, you enable the way insite you system.