PT-2010-1448 · Mozilla · Thunderbird+2
Karsten Düsterloh
Published: 2010-01-29
Updated: 2010-02-02
CVE-2009-4629
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mozilla Necko versions used in Thunderbird 3.0.1, SeaMonkey, and other applications
Description
The issue allows remote attackers to determine the network location of the application's user by logging DNS requests. This is demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. The problem arises because Mozilla Necko performs DNS prefetching even when the application type is set for mail or editor.
Recommendations
For Thunderbird 3.0.1, consider disabling DNS prefetching to prevent exploitation.
For SeaMonkey, restrict DNS prefetching for mail and editor application types until a fix is available.
As a temporary workaround, avoid reading suspicious text/plain e-mail messages in Thunderbird until the issue is resolved.
Fix
Information Disclosure
Weakness Enumeration
Related identifiers
Affected products
Necko
Seamonkey
Thunderbird