REDHAT-BUG-720693
First published: Tue Jul 12 2011(Updated: )
It was found that SquirrelMail webmail client did not properly handle generation of a particular web page HTML Header in cases, when entire application was loaded in separated HTML frame, potentially overloading other HTML elements on top of SquirrelMail's user interface. A remote attacker could use this flaw to obtain access to sensitive user data (passwords for example). Upstream advisory: [1] <a href="http://www.squirrelmail.org/security/issue/2011-07-12">http://www.squirrelmail.org/security/issue/2011-07-12</a> Relevant upstream patch: [2] <a href="http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14117">http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14117</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SquirrelMail |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.squirrelmail.org/security/issue/2011-07-12
- http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14117
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=720696
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=720697
- https://rhn.redhat.com/errata/RHSA-2012-0103.html
- https://bugzilla.redhat.com/show_bug.cgi?id=720693
- collector/redhat-bugzilla
- alias/CVE-2010-4554
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/squirrelmail
- canonical/squirrelmail