CVE-2009-4629

SeaMonkey and Thunderbird - Unauthorized DNS Prefetching Exposure

Title source: llm
STIX 2.1

Description

Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=492196

Scores

EPSS 0.0093
EPSS Percentile 56.6%

Details

CWE
CWE-200
Status published
Products (2)
mozilla/seamonkey
mozilla/thunderbird 3.0.1
Published Jan 29, 2010
Tracked Since Feb 18, 2026