Ahmed Elsobky

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 68.8.0 **Description** The issue is related to errors in processing Unicode characters in the message header, allowing a remote attacker to spoof the sender's email address displayed by Thunderbird. This is achieved by encoding Unicode whitespace characters within the From email header. **Recommendations** For versions prior to 68.8.0, update to version 68.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the display of email headers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 90.0.4430.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient data validation in the QR scanner, allowing an attacker to perform domain spoofing via a crafted QR code. This could enable a remote attacker to gain unauthorized access to protected information using a specially crafted web page. **Recommendations** For Google Chrome versions prior to 90.0.4430.72, update to version 90.0.4430.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 71.0.3578.80 **Description** The issue is related to the incorrect handling of bidirectional domain names with RTL characters in the Omnibox. This allowed a remote attacker to spoof the contents of the Omnibox via a crafted domain name. The attacker could manipulate the Omnibox (URL bar) using a specially crafted domain name, potentially leading to spoofing attacks. **Recommendations** For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue.