Bugtraq mailing list archives
Re: Webmails + Internet Explorer can create unwanted javascript execution
From: Jedi/Sector One <j () pureftpd org>
Date: Fri, 3 Oct 2003 21:16:34 +0200
On Fri, Oct 03, 2003 at 11:56:47AM -0500, Jason Munro wrote:
While squirrelmail's filter is based on the same engine apparently either it's not up to date or the params are not set as tight.
It looks like Squirrelmail 1.4.0 doesn't filter it, while 1.4.2 does. Upgrading Squirrelmail is not a bad idea anyway, as before version 1.4.1, external images could be loaded through the "lowsrc" attribute on browsers that handle it. But this was not a bug in Squirrelmail either, just a combination to avoid.
Current thread:
- Webmails + Internet Explorer can create unwanted javascript execution Jedi/Sector One (Oct 03)
- RE: Webmails + Internet Explorer can create unwanted javascript execution Drew Copley (Oct 03)
- Divine OpenMarket Content Server XSS Valgasu (Oct 03)
- <Possible follow-ups>
- Re: Webmails + Internet Explorer can create unwanted javascript execution Jason Munro (Oct 03)
- Re: Webmails + Internet Explorer can create unwanted javascript execution Jedi/Sector One (Oct 03)