Mozilla Products Necko DNS Information Disclosure Vulnerability (Win) Network Vulnerability

Summary

The host is installed with Thundebird/Seamonkey and is prone to Information Disclosure vulnerability.

Impact

Successful exploitation will let the attackers obtain the network location of the applications user by logging DNS requests. Impact Level: Application

Solution

Apply the patch or Upgrade to Mozilla Necko version 1.9.1 http://www.mozilla.com/en-US/products/ https://bug492196.bugzilla.mozilla.org/attachment.cgi?id=377824 ***** NOTE: Ignore this warning, if above mentioned patch is already applied. *****

Insight

The flaw exists while DNS prefetching, when the app type is 'APP_TYPE_MAIL' or 'APP_TYPE_EDITOR'

Affected

Mozilla Thunderbird version 3.0.1 and Seamonkey with Mozilla Necko version 1.9.0 and prior on Windows.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=492196
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4629

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
Apache /server-info accessible
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)

Take action and discover your vulnerabilities