Endpoint Vulnerability

Addressbar spoofing with right-to-left characters on Firefox for Android

Description

Security researcher Rafay Baloch reported a mechanism to spoof the address bar in Firefox for Android by combining right-to-left characters with left-to-right characters in a URL. This can cause only certain parts of the left-to-right portion of the loaded URL to be displayed, misleading users as to which site is loaded and possibly leading to phishing attacks.

Affected Products

Firefox

References

CVE-2016-5267