Rohan Sharma

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 115 **Description** The issue is related to errors in the representation of information by the user interface, specifically with the RTL Arabic Character Handler component. It may allow a remote attacker to conduct spoofing attacks using a specially crafted web page. The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. **Recommendations** For versions prior to 115, update to version 115 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RTL Arabic characters in the address bar until the update is applied. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 92 **Description** The issue arises when a domain name contains a Right-to-Left (RTL) character, causing the domain to be rendered to the right of the path. This can lead to user confusion and potentially facilitate spoofing attacks. The bug specifically affects Firefox for Android, with other operating systems being unaffected. **Recommendations** For versions prior to 92, update to version 92 or later to resolve the issue. As a temporary workaround, consider avoiding the use of domain names with RTL characters in Firefox for Android until the update is applied.

**Name of the Vulnerable Software and Affected Versions** url-parse versions prior to 1.5.8 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key. This allows for potential unauthorized access. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.5.8, update to version 1.5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas that rely on the `url-parse` package until the update is applied.

Name of the Vulnerable Software and Affected Versions: macOS Server versions prior to 5.11 Description: An issue existed in the parsing of URLs, which was addressed with improved input validation. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. Recommendations: For macOS Server versions prior to 5.11, update to version 5.11 to resolve the issue. As a temporary workaround, consider restricting access to URLs that may be maliciously crafted until the update is applied.