Mozilla Foundation Security Advisory 2009-50

Location bar spoofing via tall line-height Unicode characters

Announced
September 9, 2009
Reporter
Juan Pablo Lopez Yacubian
Impact
Low
Products
Firefox
Fixed in
  • Firefox 3.0.14
  • Firefox 3.5.3

Description

Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site.

Corrie Sloot also independently reported this issue to Mozilla.

References