It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string.
Name: the Mozilla project
Upstream: Sabri Haddouche
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061