Roundcube 0.3.1 and previous versions does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote malicious users to determine the network location of the webmail user by logging DNS requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roundcube webmail 0.1 |
||
roundcube webmail 0.2.1 |
||
roundcube webmail 0.3 |
||
roundcube webmail 0.1.1 |
||
roundcube webmail 0.2 |
||
roundcube webmail |
||
roundcube webmail 0.2.2 |