In association with heise online

04 December 2006, 12:24

Several XSS vulnerabilities removed from Squirrelmail

Close on the heels of the December 2 release of stable version 1.4.9 of the web mail client Squirrelmail, its developers have already had to push out 1.4.9a to close a cross-site scripting (XSS) hole. The bug advisory notes that it was possible to execute XSS attacks by using specially prepared content in the mailto parameter in webmail.php and in the session and delete_draft parameters in compose.php. The magicHTML filter could also be abused for the same purpose.

The processing of mail attachments has also been adjusted for security reasons. Prior to the fix it was possible to falsify an attachment's MIME type, which could lead to problems specific to Internet Explorer. Microsoft's browser attempts to use the MIME type to surmise the type of content, ignoring the types indicated by the server. This could lead the browser to interpret a file as a harmless image, even if in reality it contained HTML code for the browser to execute. The flaw is present in Internet Explorer 6 and in version 7.
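A server-side guard against the falsified attachment type described above, as an added example that is not Squirrelmail's code or part of the original article: it serves an attachment inline only when the declared image type matches the file's leading bytes and no HTML appears where a sniffing browser would look. The function names, the marker list and the 256-byte window are assumptions of this example, and the sample attachments are constructed.

```python
import re

# Leading magic bytes of the image types a webmail client would display inline.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}
# Tags that suggest HTML to a content-sniffing browser. Approximation chosen
# for this example, not Internet Explorer's exact list.
HTML_MARKERS = re.compile(rb"<\s*(html|head|body|script|iframe|img|a|table|title)\b", re.I)
SNIFF_WINDOW = 256  # assumption: only the start of the body is examined

def looks_like_html(data: bytes) -> bool:
    return HTML_MARKERS.search(data[:SNIFF_WINDOW]) is not None

def classify_attachment(declared_type: str, data: bytes) -> str:
    """Return 'inline-ok' or 'force-download' for one attachment."""
    declared = declared_type.split(";")[0].strip().lower()
    magics = IMAGE_MAGIC.get(declared)
    if magics is None or not data.startswith(magics):
        return "force-download"   # not an allowed image, or the type is falsified
    if looks_like_html(data):
        return "force-download"   # valid image header, but HTML in the sniffed range
    return "inline-ok"

def response_headers(declared_type: str, filename: str, data: bytes) -> dict:
    """Build download headers that do not depend on the browser's own guess."""
    if classify_attachment(declared_type, data) == "inline-ok":
        ctype = declared_type.split(";")[0].strip().lower()
        disposition = "inline"
    else:
        ctype, disposition = "application/octet-stream", "attachment"
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": ctype,
        # 'attachment' makes the browser save the file instead of rendering it.
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        # Honoured from Internet Explorer 8 on, not by the IE 6/7 named above.
        "X-Content-Type-Options": "nosniff",
    }

# Constructed sample attachments.
SPOOFED = b"<html><body><script>/* constructed sample */</script></body></html>"
REAL_GIF = b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + bytes(20)
POLYGLOT = b"GIF89a<script>/* constructed sample */</script>"

if __name__ == "__main__":
    for name, body in (("spoofed", SPOOFED), ("gif", REAL_GIF), ("polyglot", POLYGLOT)):
        print(name, response_headers("image/gif", name + ".gif", body))
```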
