SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

Cross site scripting in HTML filter

Date:
2007-05-09
Description:
There's an ongoing battle to further secure the HTML filter against malicious HTML mail and the browsers that accept almost any malformed piece of HTML.

This release contains fixes for the following:
- HTML attachments containing "data:" URLs;
- Internet Explorer in various versions accepts many permutations of HTML
and JavaScript in many charsets. We now properly canonicalize the incoming
HTML to us-ascii before applying further filters. IE only.
- Request forgery through images. It was possible to include "images" in
HTML mails which were in fact GET requests for the compose.php page sending
mail. These images are now properly detected, and the compose form will only
send mail through a POST request.
Affected Versions:
1.4.0-1.4.9a
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
CVE-2007-1262
CVE-2007-2589
Patch:
view patch
Credits:
Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting (parts of) these issues and working with us to get them resolved.
This page last updated:
2007-08-16 00:39:13
© 1999-2010 by The SquirrelMail Project Team