CVE-2009-4630

Published: Jan 29, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."

Affected (3)

Products: Mozilla: Firefox, Seamonkey, Thunderbird

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	All versions
Mozilla Seamonkey	All versions
Mozilla Thunderbird	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=453403

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=492196

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=453403

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=492196

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.