CVE-2009-4629

Published: Jan 29, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.

Affected (2)

Products: Mozilla: Seamonkey, Thunderbird

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Seamonkey	All versions
Mozilla Thunderbird	Version 3.0.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=492196

Source: cve@mitre.org

https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=492196

Source: af854a3a-2127-422b-91ae-364da2661108

https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.