Mozilla Foundation Security Advisory 2009-50
Title: Location bar spoofing via tall line-height Unicode characters
Announced: September 9, 2009
Reporter: Juan Pablo Lopez Yacubian
Fixed in: Firefox 3.5.3
Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site.
Corrie Sloot also independently reported this issue to Mozilla.