Closed Bug 545393 Opened 14 years ago Closed 14 years ago

DNS Prefetch security issue: Information leak

Categories

(SeaMonkey :: Security, defect)

Product:
SeaMonkey
Component:
Security
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 535976

People

(Reporter: standard8, Unassigned)

Details

(Keywords: privacy, regression) 

This is the SeaMonkey version of bug 544745

+++ This bug was initially created as a clone of Bug #544745 +++

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1

see https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
Already discussed here: https://bugzilla.mozilla.org/show_bug.cgi?id=492196

I'm not sure, but about:config has 'network.prefetch-next' (true by default), setting to false could help.
I didn't find 'network.dns.disablePrefetch' in about:config, maybe js parameter.

Depending on comments, it could be a wise choice to set default option to another value.
I think, in most case, an url link will be open by an external browser so I'm not sure what is the usage of dns prefetch here.
Another option, would be disabling prefetch when using text mode or encrypted access like gmail does or maybe have a 'paranoid' button in preferences ...
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
No longer depends on: CVE-2009-4629
V.Duplicate
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.