DNS Prefetching Vulnerability in Horde IMP by Horde
CVE-2010-0463
Currently unrated
What is CVE-2010-0463?
The vulnerability in Horde IMP allows remote attackers to expose the network locations of webmail users through DNS prefetching. Specifically, versions 4.3.6 and earlier fail to adequately instruct web browsers to prevent DNS queries for domain names contained in email messages. This oversight can lead to sensitive information being leaked, as the attackers can log DNS requests to gain insight into a user’s physical network location.
