Addressbar spoofing with right-to-left characters on Firefox for Android
- August 2, 2016
- Rafay Baloch
- Fixed in
- Firefox 48
Security researcher Rafay Baloch reported a mechanism to spoof the addressbar in Firefox for Android using right-to-left character sets when combined with left-to-right characters. This can be used to cause only certain portions of the loaded left-to-right character portion of the URL to be displayed, misleading users as to what site is loaded, possibly leading to phishing attacks.
This vulnerability does not affect the desktop version of Firefox.