PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

CVE-2026-2919 Attacker-controlled content shown under spoofed domains in Focus for iOS via stalled navigation and iframe redirect

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability was fixed in Focus for...

EUVD-2020-21974

Malware in sbrugna...

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client, related to authentication procedures that allow attackers to carry out spear-phishing attacks

The vulnerability of Mozilla Firefox browser and Thunderbird email client is related to deficiencies in authentication procedures, resulting from incorrect display of the domain name in the address bar. Exploiting this vulnerability allows attackers to perform spear-phishing attacks remotely...

CVE-2024-11701

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...

CVE-2024-11701

The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...

Brave Android 1.48.160 Security Fixes

Added the ability to delete a Brave Sync chain. - Added ability to enable Safe Browsing via brave://flags. - Fixed EIP712Domain data not being displayed in Brave Wallet when signing messages as reported on HackerOne by julianor. Upgraded Chromium to 110.0.5481.77 — refer to Google Chrome...

The vulnerability of Firefox browser, related to an error in displaying the domain name in the address bar, allows attackers to compromise data integrity.

The vulnerability of Firefox browsers is related to an error in the display of the domain name in the address bar. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of data...

October 15, 2019—KB4520012 (Preview of Monthly Rollup)

October 15, 2019—KB4520012 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4520005released October 8, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates time...

CVE-2018-12382

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. This vulnerability only affects Firefox for...

CVE-2018-12448

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name...

CVE-2017-7838

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...

CVE-2017-8458

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site...

Upcoming update with IDN homograph phishing fix

Security Upcoming update with IDN homograph phishing fix Share April 21st, 2017 Domains are an integral part of the internet. Similar to how people write different languages using different characters or scripts, domain names can be composed of various scripts in whole or in part, and are called...

Adress bar is not always updated correctly when collapsed

The collapsed Address bar can in some cases temporarily show the previous domain instead of the domain of the present site...