Andrej Andolsek reported that when Firefox receives a reply from a SOCKS5 proxy which contains a DNS name longer than 15 characters, the subsequent data stream in the response can become corrupted. There was no evidence of memory corruption, however, and the severity of the issue was determined to be low. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2470 [2] http://www.mozilla.org/security/announce/2009/mfsa2009-38.html [3] https://bugzilla.mozilla.org/show_bug.cgi?id=459524 [4] http://www.securityfocus.com/bid/35925 [5] http://www.securitytracker.com/id?1022665 [6] http://secunia.com/advisories/36126 [7] http://www.vupen.com/english/advisories/2009/2142 [8] http://xforce.iss.net/xforce/xfdb/52252
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0153 https://rhn.redhat.com/errata/RHSA-2010-0153.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0154 https://rhn.redhat.com/errata/RHSA-2010-0154.html