CVE-2009-4630

NameCVE-2009-4630
DescriptionMozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesourceetch(not affected)
iceapesourcelenny(not affected)
iceapesource(unstable)2.0-1low
iceweaselsourcelenny(not affected)
iceweaselsource(unstable)3.5.11-2
xulrunnersourceetch(not affected)
xulrunnersourcelenny(not affected)
xulrunnersource(unstable)1.9.1-1low

Notes

[etch] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
mozilla's dns prefetching leads to disclosure of the user's network location

Search for package or bug name: Reporting problems