If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | 7.0 (including) | 7.0 (including) |
| Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
| Debian_linux | Debian | 9.0 (including) | 9.0 (including) |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:52.6.0-1.el6_9 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:52.6.0-1.el6_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:52.6.0-1.el7_4 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:52.6.0-1.el7_4 | * |
| Firefox | Ubuntu | artful | * |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Thunderbird | Ubuntu | artful | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | xenial | * |