Your submission was sent successfully! Close

CVE-2009-1834

Published: 12 June 2009

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Not vulnerable

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.1.17+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.1.17+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.1.17+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.1.17+nobinonly-0ubuntu1)
upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2)
jaunty
Released (1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1)
karmic Does not exist

upstream Needs triage

xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.9.1~rc2+nobinonly-0ubuntu1)
upstream Needs triage