oss-sec mailing list archives
CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured
From: Michael Catanzaro <mcatanzaro () igalia com>
Date: Mon, 08 Jun 2015 11:46:22 -0500
It was discovered that WebKit's libsoup network backend, as used in WebKitGTK+, performs DNS prefetch even when a proxy has been configured. An attacker could use this flaw to determine which hosts a browser has prefetched. For example, this is problematic when using Tor as a proxy. See also: https://bugs.webkit.org/show_bug.cgi?id=145542 Please assign a CVE for this issue. Thanks, Michael
Current thread:
- CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured Michael Catanzaro (Jun 08)
- Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured cve-assign (Jun 08)
- Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured Michael Catanzaro (Jun 08)
- Re: CVE Request: WebKitGTK+ performs DNS prefetch when a proxy is configured cve-assign (Jun 08)