Candidate: CVE-2009-4630
PublicDate: 2010-01-29 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4630
Description:
 Mozilla Necko, as used in Firefox, SeaMonkey, and other applications,
 performs DNS prefetching of domain names contained in links within local
 HTML documents, which makes it easier for remote attackers to determine the
 network location of the application's user by logging DNS requests.  NOTE:
 the vendor disputes the significance of this issue, stating "I don't think
 we necessarily need to worry about that case."
Ubuntu-Description:
Notes:
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
  mapping of xulrunner sources to firefox is:
   xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
   xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
   xulrunner-1.9: firefox-3.0
   xulrunner-1.9.1: firefox-3.5
 jdstrand> Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
  the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=492196
 https://bugzilla.mozilla.org/show_bug.cgi?id=453403
Priority: negligible
Discovered-by:
Assigned-to:
CVSS: 

Patches_xulrunner-1.9.1:
upstream_xulrunner-1.9.1: released (1.9.1)
dapper_xulrunner-1.9.1: DNE
hardy_xulrunner-1.9.1: DNE
intrepid_xulrunner-1.9.1: DNE
jaunty_xulrunner-1.9.1: released (1.9.1.9+nobinonly-0ubuntu0.9.04.1)
karmic_xulrunner-1.9.1: released (1.9.1.9+nobinonly-0ubuntu0.9.10.1)
lucid_xulrunner-1.9.1: DNE
maverick_xulrunner-1.9.1: DNE
natty_xulrunner-1.9.1: DNE
oneiric_xulrunner-1.9.1: DNE
precise_xulrunner-1.9.1: DNE
quantal_xulrunner-1.9.1: DNE
raring_xulrunner-1.9.1: DNE
saucy_xulrunner-1.9.1: DNE
devel_xulrunner-1.9.1: DNE


Patches_seamonkey:
upstream_seamonkey: needs-triage
dapper_seamonkey: DNE
hardy_seamonkey: ignored (reached end-of-life)
intrepid_seamonkey: needs-triage (reached end-of-life)
jaunty_seamonkey: ignored (reached end-of-life)
karmic_seamonkey: ignored (reached end-of-life)
lucid_seamonkey: ignored (reached end-of-life)
maverick_seamonkey: ignored (reached end-of-life)
natty_seamonkey: ignored (reached end-of-life)
oneiric_seamonkey: ignored (reached end-of-life)
precise_seamonkey: DNE
quantal_seamonkey: DNE
raring_seamonkey: DNE
saucy_seamonkey: DNE
devel_seamonkey: DNE