Mozilla add-on developer Pavel Cvrcek reported that certain invalid unicode characters, when used as part of an IDN, are displayed as whitespace in the location bar. This whitespace could be used to force part of the URL out of view in the location bar. An attacker could use this vulnerability to spoof the location bar and display a misleading URL for their malicious web page.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Via RHSA-2009:1095 https://rhn.redhat.com/errata/RHSA-2009-1095.html
firefox-3.0.11-1.fc10, xulrunner-1.9.0.11-1.fc10, epiphany-2.24.3-7.fc10, epiphany-extensions-2.24.3-2.fc10, blam-1.8.5-11.fc10, devhelp-0.22-9.fc10, galeon-2.0.7-11.fc10, gecko-sharp2-0.13-9.fc10, gnome-python2-extras-2.19.1-31.fc10, gnome-web-photo-0.3-19.fc10, google-gadgets-0.10.5-7.fc10, kazehakase-0.5.6-4.fc10.3, Miro-2.0.3-5.fc10, mozvoikko-0.9.5-11.fc10, mugshot-1.2.2-10.fc10, pcmanx-gtk2-0.3.8-10.fc10, perl-Gtk2-MozEmbed-0.08-6.fc10.2, ruby-gnome2-0.18.1-5.fc10.3, yelp-2.24.0-10.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
firefox-3.0.11-1.fc9, xulrunner-1.9.0.11-1.fc9, epiphany-2.22.2-12.fc9, epiphany-extensions-2.22.1-12.fc9, blam-1.8.5-10.fc9.1, chmsee-1.0.1-13.fc9, devhelp-0.19.1-13.fc9, evolution-rss-0.1.0-12.fc9, galeon-2.0.7-11.fc9, gnome-python2-extras-2.19.1-28.fc9, gnome-web-photo-0.3-22.fc9, google-gadgets-0.10.5-7.fc9, gtkmozembedmm-1.4.2.cvs20060817-30.fc9, kazehakase-0.5.6-4.fc9.3, Miro-2.0.3-5.fc9, mozvoikko-0.9.5-11.fc9, mugshot-1.2.2-10.fc9, ruby-gnome2-0.17.0-10.fc9, totem-2.23.2-17.fc9, yelp-2.22.1-13.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.