Date: Mon, 08 Jun 2015 11:46:22 -0500 From: Michael Catanzaro <mcatanzaro@...lia.com> To: oss-security@...ts.openwall.com Subject: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured It was discovered that WebKit's libsoup network backend, as used in WebKitGTK+, performs DNS prefetch even when a proxy has been configured. An attacker could use this flaw to determine which hosts a browser has prefetched. For example, this is problematic when using Tor as a proxy. See also: https://bugs.webkit.org/show_bug.cgi?id=145542 Please assign a CVE for this issue. Thanks, Michael
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ