Ya lo repararon (en parte) y apareció en el correo del voletín de seguridad de joomla
Joomla! Security News
[20090723] - Core - com_mailto Timeout Issue
Posted: 22 Jul 2009 04:36 PM PDT
* Project: Joomla!
* SubProject: com_mailto
* Severity: Low
* Versions: 1.5.13 and all previous 1.5 releases
* Exploit type: Email
* Reported Date: 2009-July-28
* Fixed Date: 2009-July-30
Description
In com_mailto, it was possible to bypass timeout protection against sending automated emails.
Affected Installs
All 1.5.x installs prior to and including 1.5.13 are affected.
Solution
Upgrade to latest Joomla! version (1.5.14 or newer).
Reported by WHK and Gergő Erdősi
Contact
The JSST at the Joomla! Security Center.
You are subscribed to email updates from Joomla! Developer - Vulnerability News
To stop receiving these emails, you may unsubscribe now. Email delivery powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610
Por lo menos en esta versión de joomla evita el bypass de los 20 segundos, así no puedes enviar mas de un mail por cada esa cantidad de segundos.
De todas formas el mundo es grande y quedan muchos servidores desparchados o desactualizados
http://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html