fkie_cve-2009-4630
Vulnerability from fkie_nvd
Published
2010-01-29 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
References
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=453403
cve@mitre.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=492196
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=453403
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=492196
Impacted products
Vendor Product Version
mozilla firefox *
mozilla seamonkey *
mozilla thunderbird *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C8E657-3049-4462-98F6-296C60BC8C5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application\u0027s user by logging DNS requests.  NOTE: the vendor disputes the significance of this issue, stating \"I don\u0027t think we necessarily need to worry about that case.\""
    },
    {
      "lang": "es",
      "value": "Mozilla Necko usado en Firefox, SeaMonkey y otras aplicaciones, realiza una pre-consulta sobre los nombres de dominio en enlaces dentro de los documentos HTML locales, lo que facilita a atacantes remotos el determinar la localizaci\u00f3n de red de las aplicaciones de usuario mediante peticiones de loggin DNS. NOTA: el fabricante cuestiona la importancia de esta cuesti\u00f3n, diciendo que \"No cree necesario preocuparse por ese tema\"."
    }
  ],
  "id": "CVE-2009-4630",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-29T18:30:00.887",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=453403"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=492196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=453403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=492196"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of Firefox, Thunderbird, or Seamonkey as shipped with Red Hat Enterprise Linux 3, 4,\nor 5.",
      "lastModified": "2010-02-01T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.