paul Posted February 25, 2010 Report Share Posted February 25, 2010 Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests (CVE-2010-0464). The updated packages have been patched to correct this issue. Link to comment Share on other sites More sharing options...
Recommended Posts