CVE-2009-4353
CVE-2009-4353 affects Active! mail 2003 Mobile Edition (build 2003.0139.0871 and earlier; possibly before 2003.0139.0911). The issue is that the application does not remove the session ID from a Referer URL, enabling a remote attacker to hijack web sessions via vectors such as an email containing...