The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11721
Acknowledgments: Name: the Mozilla project Upstream: Anonymous
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11721