The displayed addressbar URL can be spoofed on Firefox for Android using a `javascript:` URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. *This vulnerability only affects Firefox for Android.* External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12382
Acknowledgments: Name: the Mozilla project Upstream: Jordi Chancel