Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
osvdb.org/55162
secunia.com/advisories/35331
secunia.com/advisories/35415
secunia.com/advisories/35431
secunia.com/advisories/35439
secunia.com/advisories/35468
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
www.debian.org/security/2009/dsa-1820
www.mozilla.org/security/announce/2009/mfsa2009-25.html
www.securityfocus.com/bid/35326
www.securityfocus.com/bid/35388
www.vupen.com/english/advisories/2009/1572
bugzilla.mozilla.org/show_bug.cgi?id=479413
bugzilla.redhat.com/show_bug.cgi?id=503573
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436
rhn.redhat.com/errata/RHSA-2009-1095.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html