[vox] Semi-OT: SquirrelMail and MSIE,[Fwd: RE: [SM-DEVEL] bugtraq issue.]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[vox] Semi-OT: SquirrelMail and MSIE,[Fwd: RE: [SM-DEVEL] bugtraq issue.]
Hello,
I know several people on this list use SM, but of those people who use SM
(SquirrelMail) I would expect very few use MSIE to browse their SM mail.
As a result, this message is probably a bit off topic, but here goes....
There is apparently an issue with MSIE, JavaScript, and several
WebMail-based packages where there is risk for XSS and end-client
executing JavaScript that is usually filtered out by SM.
A general post was made to BUGTRAQ about this as a risk with various
webmail based systems. It turns out that SquirrelMail is among those that
seemed to have problems with MSIE. (Or should I say that MSIE has a
problem and SM was not writte in such a way to fix some mistakes made by
MS in making MSIE.)
Anyway, a diff patch was published on the SM-Dev list, but it is not
available on their website. (This patch is for 1.4.2.)
-ME
---------------------------- Original Message ----------------------------
Subject: RE: [SM-DEVEL] bugtraq issue.
From: "p dont think" <pdontthink@angrynerds.com>
Date: Sat, October 4, 2003 23:44
To: "'ME'" <dugan@passwall.com>
squirrelmail-devel@lists.sourceforge.net
--------------------------------------------------------------------------
> Ok. So the questions that would likely be asked by others:
>
> Will this feature addition to cope with a vendor specific addition for
scripting be considered sugnificant enough to push for a new immediate
stable release (1.4.2b, or 1.4.3)?
>
> If not, will an immediate official patch be offered for 1.4.2 as a
temporary measure for SM admins that are afflicted with MSIE users?
Attached is a patch from 1.4.2 to the latest and greatest. Konstantin rocks.
- paul
Attachment:
mime.php.diff.tar.gz
Description: Binary data
|
