Upstream information
CVE-2009-1834 at MITRE
Description
Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
CVSS v2 Scores
| National Vulnerability Database |
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
SUSE Bugzilla entry:
505563 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
Product(s) | Fixed package version(s) | References |
SUSE Linux Enterprise Server 11 SP1 | mozilla-xulrunner190 >= 1.9.0.19-0.1.1
mozilla-xulrunner190-32bit >= 1.9.0.19-0.1.1
mozilla-xulrunner190-gnomevfs >= 1.9.0.19-0.1.1
mozilla-xulrunner190-translations >= 1.9.0.19-0.1.1
mozilla-xulrunner190-x86 >= 1.9.0.19-0.1.1
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA mozilla-xulrunner190-1.9.0.19-0.1.1 |
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server for SAP Applications 11 | MozillaFirefox >= 3.0.11-0.1.1
MozillaFirefox-branding-SLED >= 3.5-1.1.5
MozillaFirefox-translations >= 3.0.11-0.1.1
gconf2 >= 2.24.0-7.5
gconf2-32bit >= 2.24.0-7.5
gconf2-x86 >= 2.24.0-7.5
libfreebl3 >= 3.12.3.1-1.2.1
libfreebl3-32bit >= 3.12.3.1-1.2.1
libfreebl3-x86 >= 3.12.3.1-1.2.1
libidl >= 0.8.11-2.14
libidl-32bit >= 0.8.11-2.14
libidl-x86 >= 0.8.11-2.14
mozilla-nspr >= 4.8-1.3.1
mozilla-nspr-32bit >= 4.8-1.3.1
mozilla-nspr-x86 >= 4.8-1.3.1
mozilla-nss >= 3.12.3.1-1.2.1
mozilla-nss-32bit >= 3.12.3.1-1.2.1
mozilla-nss-tools >= 3.12.3.1-1.2.1
mozilla-nss-x86 >= 3.12.3.1-1.2.1
mozilla-xulrunner190 >= 1.9.0.11-1.1.1
mozilla-xulrunner190-32bit >= 1.9.0.11-1.1.1
mozilla-xulrunner190-gnomevfs >= 1.9.0.11-1.1.1
mozilla-xulrunner190-translations >= 1.9.0.11-1.1.1
mozilla-xulrunner190-x86 >= 1.9.0.11-1.1.1
mozilla-xulrunner191 >= 1.9.1.11-0.1.1
mozilla-xulrunner191-32bit >= 1.9.1.11-0.1.1
mozilla-xulrunner191-gnomevfs >= 1.9.1.11-0.1.1
mozilla-xulrunner191-translations >= 1.9.1.11-0.1.1
mozilla-xulrunner191-x86 >= 1.9.1.11-0.1.1
mozilla-xulrunner192 >= 1.9.2.12-0.6.1
mozilla-xulrunner192-32bit >= 1.9.2.12-0.6.1
mozilla-xulrunner192-gnome >= 1.9.2.12-0.6.1
mozilla-xulrunner192-translations >= 1.9.2.12-0.6.1
mozilla-xulrunner192-x86 >= 1.9.2.12-0.6.1
orbit2 >= 2.14.16-2.16
orbit2-32bit >= 2.14.16-2.16
orbit2-x86 >= 2.14.16-2.16
| Patchnames: slessp0-MozillaFirefox |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:38:12 2013
CVE page last modified: Mon Sep 9 00:10:54 2024