Vulnerabilities in squirrelmail

[Tom McAdam <tomc () future-i com>]

Multiple security vulnerabilties exist in SquirrelMail < v 1.2.3 that
allow malicious HTML messages to:

* send messages appearing to come from the user
* run arbitrary javascript

Description
-----------
The compose.php script allows parameters to be passed as GETs.  Therefore
including the following in an HTML mail will send a message to x () y com:

<img 
src="compose.php?send_to=x () y com&subject=foo&bar=bar&send=1">

The read_body.php script does not check HTML tags for javascript.  A
trivial example:

<img src="javascript:alert('Oh dear')">


Resolution
----------
Upgrade to version 1.2.3 of SquirrelMail


Acknowledgements
----------------
Thanks to for Philippe Mingo for fixing this bug