Mandriva Linux Security Advisory 2010-048 – Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86718/MDVSA-2010-048.txt
Source: https://packetstormsecurity.com/files/86718/Mandriva-Linux-Security-Advisory-2010-048.html