Bugtraq: Re: Webmails + Internet Explorer can create unwanted javascript execution

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Webmails + Internet Explorer can create unwanted javascript execution

From: Jedi/Sector One <j () pureftpd org>
Date: Fri, 3 Oct 2003 21:16:34 +0200

On Fri, Oct 03, 2003 at 11:56:47AM -0500, Jason Munro wrote:

While squirrelmail's filter is based on the same engine apparently either
it's not up to date or the params are not set as tight.


  It looks like Squirrelmail 1.4.0 doesn't filter it, while 1.4.2 does.
  
  Upgrading Squirrelmail is not a bad idea anyway, as before version 1.4.1, 
external images could be loaded through the "lowsrc" attribute on browsers
that handle it. But this was not a bug in Squirrelmail either, just a
combination to avoid.

By Date By Thread

Current thread:

Webmails + Internet Explorer can create unwanted javascript execution Jedi/Sector One (Oct 03)
- RE: Webmails + Internet Explorer can create unwanted javascript execution Drew Copley (Oct 03)
- Divine OpenMarket Content Server XSS Valgasu (Oct 03)
- <Possible follow-ups>
- Re: Webmails + Internet Explorer can create unwanted javascript execution Jason Munro (Oct 03)
  - Re: Webmails + Internet Explorer can create unwanted javascript execution Jedi/Sector One (Oct 03)