Candidate: CVE-2009-4629
PublicDate: 2010-01-29 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4629
 https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
Description:
 Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other
 applications, performs DNS prefetching even when the app type is
 APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote
 attackers to determine the network location of the application's user by
 logging DNS requests, as demonstrated by DNS requests triggered by reading
 text/plain e-mail messages in Thunderbird.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=492196
Priority: negligible
Discovered-by:
Assigned-to:
CVSS: 


Patches_xulrunner-1.9.1:
upstream_xulrunner-1.9.1: needs-triage
dapper_xulrunner-1.9.1: DNE
hardy_xulrunner-1.9.1: DNE
intrepid_xulrunner-1.9.1: DNE
jaunty_xulrunner-1.9.1: released (1.9.1.9+nobinonly-0ubuntu0.9.04.1)
karmic_xulrunner-1.9.1: released (1.9.1.9+nobinonly-0ubuntu0.9.10.1)
devel_xulrunner-1.9.1: released (1.9.1.9+nobinonly-0ubuntu1)


Patches_thunderbird:
upstream_thunderbird: released (3.0.2)
dapper_thunderbird: DNE
hardy_thunderbird: not-affected
intrepid_thunderbird: not-affected
jaunty_thunderbird: not-affected
karmic_thunderbird: not-affected
devel_thunderbird: released (3.0.4+nobinonly-0ubuntu1)