CVE-2019-9970
Open Whisper Signal (Signal-Desktop) up to version 1.23.1 and Signal Private Messenger for Android up to 4.35.3 are vulnerable to an IDN homograph attack when displaying messages that contain URLs. The root cause is that the app renders a clickable link even when the domain contains mixed Latin/C...