Name | CVE-2009-4630 |
Description | Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case." |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
iceape | source | etch | (not affected) | |||
iceape | source | lenny | (not affected) | |||
iceape | source | (unstable) | 2.0-1 | low | ||
iceweasel | source | lenny | (not affected) | |||
iceweasel | source | (unstable) | 3.5.11-2 | |||
xulrunner | source | etch | (not affected) | |||
xulrunner | source | lenny | (not affected) | |||
xulrunner | source | (unstable) | 1.9.1-1 | low |
[etch] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
mozilla's dns prefetching leads to disclosure of the user's network location