5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
56.7%
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications,
performs DNS prefetching of domain names contained in links within local
HTML documents, which makes it easier for remote attackers to determine the
network location of the application’s user by logging DNS requests. NOTE:
the vendor disputes the significance of this issue, stating “I don’t think
we necessarily need to worry about that case.”
Author | Note |
---|---|
jdstrand | CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 9.04 | noarch | xulrunner-1.9.1 | < 1.9.1.9+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | xulrunner-1.9.1 | < 1.9.1.9+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |