thr3ads.net - Secure testing team - [Secure-testing-team] Bug#569660: CVE-2010-0464: privacy compromise via DNS prefetching in web mail [Feb 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Feb-13 09:05 UTC

[Secure-testing-team] Bug#569660: CVE-2010-0464: privacy compromise via DNS prefetching in web mail

Package: roundcube
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for roundcube.

CVE-2010-0464[0]:
| Roundcube 0.3.1 and earlier does not request that the web browser
| avoid DNS prefetching of domain names contained in e-mail messages,
| which makes it easier for remote attackers to determine the network
| location of the webmail user by logging DNS requests.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0464
    http://security-tracker.debian.org/tracker/CVE-2010-0464



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt2a1AACgkQNxpp46476aqbVQCgjVhdiFuv7zrLMYX3Jz1LEoKh
R8oAnjVFFSjRSKBbizv9paoqUVLjPlaz
=GhXa
-----END PGP SIGNATURE-----

Secure testing team - Feb 2010 - Bug#569660: CVE-2010-0464: privacy compromise via DNS prefetching in web mail

[Secure-testing-team] Bug#569660: CVE-2010-0464: privacy compromise via DNS prefetching in web mail