QwikSec

Security Database

CVE

CWE

Training

CVE-2010-0464

Published: Jan 29, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRIVA

https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

x_refsource_MISC

http://trac.roundcube.net/ticket/1486449

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.