CVE-2009-4629 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4629): Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird.
CVE-2009-4630 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4630): Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
Issues disputed by vendor. Having looked into this, it seems to be privacy related, but not an absolutely security-related thing that can be patched. This can be disabled in thunderbird manually (my guess is firefox, too).
