Location bar spoofing via tall line-height Unicode characters

ID MFSA2009-50
Type mozilla
Reporter Mozilla Foundation
Modified 2009-09-09T00:00:00


Security researcher Juan Pablo Lopez Yacubian reported that the default Windows font used to render the location bar and other text fields was improperly displaying certain Unicode characters with tall line-height. In such cases, the tall line-height would cause the rest of the text in the input field to be scrolled vertically out of view. An attacker could use this vulnerability to prevent a user from seeing the URL of a malicious site. Corrie Sloot also independently reported this issue to Mozilla.