if you want an explanation of the exploitation of this spoofing, a smartphone with a screen size of 640 x 360 which is turned to the side of the width, ( http://whatismyandroidversion.com/ defined the screen size of an android smartphone) allows this URL spoofing vulnerability on Firefox 36.0.1 for Android

when you go on a webpage , the location bar shows only the title , so, if the user want verify the URL , the User must click on the location bar

STR

(step1) - Go to this PoC (click on the link named "Clickme for use an URL Spoofing attack")

(step2) - You will go on a phishing webpage which has an URL with special length , (Thus, in the previously page [the PoC which has leads to this phishing web page], this page could do a calculation to define the size of the URL which leads to a vulnerability of location bar spoofing) because when the user clicks on the Location Bar, these are the last characters which are shown to the trapped user and this leads to an URL Spoofing.

Clickme for use an URL Spoofing attack