Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0463 to the following vulnerability: Name: CVE-2010-0463 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0463 Assigned: 20100129 Reference: MISC: https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail Reference: CONFIRM: http://bugs.horde.org/ticket/8836 Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Jason, Nick, Nigel, could you schedule relevant Fedora-11 and Fedora-12 Horde's IMP updates? Thanks, Jan.
imp-4.3.6-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/imp-4.3.6-1.fc13
imp-4.3.6-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/imp-4.3.6-1.fc12
imp-4.3.6-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/imp-4.3.6-1.el5
imp-4.3.6-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/imp-4.3.6-1.fc11
This is *not* fixed in upstream horde 3.3.6 / imp 4.3.6. So the updates mentioned in comment #3 - comment #6 do not include a fix for this. I'm going to fix bodhi update requests.
horde-3.3.8-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
imp-4.3.7-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
imp-4.3.7-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
horde-3.3.8-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.