4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Jakob Balle discovered that with “Conditional Comments” in Internet
Explorer it is possible to hide javascript code in comments that will
be executed when the browser views a malicious email via sqwebmail.
Successful exploitation requires that the user is using Internet
Explorer.
For the old stable distribution (woody) this problem has been fixed in
version 0.37.3-2.7.
For the stable distribution (sarge) this problem has been fixed in
version 0.47-4sarge3.
For the unstable distribution (sid) this problem has been fixed in
version 0.47-9.
We recommend that you upgrade your sqwebmail package.
CPE | Name | Operator | Version |
---|---|---|---|
courier | eq | 0.47-4sarge2 | |
courier | eq | 0.47-4 | |
courier | eq | 0.47-4sarge1 |