CVE-2009-4629Sensitive Information Exposure in Mozilla Thunderbird

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Thunderbird
Timeline
PublishedJan 29
Latest updateMay 2

Description

Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-vvr5-jq6q-h8jj: Mozilla Necko, as used in Thunderbird 32022-05-02

📋Vendor Advisories

1
Red Hat
thunderbird/seamonkey: privacy compromise via DNS prefetching2009-05-09

💬Community

1
Bugzilla
CVE-2009-4629 thunderbird/seamonkey: privacy compromise via DNS prefetching2010-01-29