SquirrelMail is vulnerable to session hijacking. The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw: users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could use this flaw to hijack user sessions.
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
secunia.com/advisories/33611
securitytracker.com/id?1021611
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/bid/33354
access.redhat.com/errata/RHSA-2009:0057
bugzilla.redhat.com/show_bug.cgi?id=480224
bugzilla.redhat.com/show_bug.cgi?id=480488
exchange.xforce.ibmcloud.com/vulnerabilities/48115
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366
rhn.redhat.com/errata/RHSA-2009-0057.html
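
A defender-side check for the condition the advisory text describes, added here as an example and not taken from the advisory, Red Hat or SquirrelMail: it scans authentication events and reports any session ID that was issued at more than one login. The log format, field names and sample lines are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. The line format is an assumption made for this
# example; it is not SquirrelMail's or Red Hat's own log format.
SAMPLE_LOG = """\
2009-01-20T09:00:01 LOGIN user=alice sid=7f3a9c
2009-01-20T09:30:12 LOGOUT user=alice sid=7f3a9c
2009-01-20T09:31:40 LOGIN user=alice sid=7f3a9c
2009-01-20T10:02:05 LOGIN user=bob sid=c41d77
2009-01-20T10:40:00 LOGOUT user=bob sid=c41d77
2009-01-20T10:41:18 LOGIN user=bob sid=e09b52
2009-01-20T11:00:00 LOGIN user=carol sid=7f3a9c
malformed line that should be skipped
"""

EVENT = re.compile(r"^(\S+) (LOGIN|LOGOUT) user=(\S+) sid=(\S+)$")


def find_reused_session_ids(log_text):
    """Return {sid: [(timestamp, user), ...]} for every session ID that
    was handed out at more than one LOGIN event."""
    logins = defaultdict(list)
    for line in log_text.splitlines():
        match = EVENT.match(line.strip())
        if not match:
            continue  # ignore lines that do not parse
        timestamp, kind, user, sid = match.groups()
        if kind == "LOGIN":
            logins[sid].append((timestamp, user))
    # A correctly behaving application issues a fresh ID on every login,
    # so any ID with two or more LOGIN events is a finding.
    return {sid: events for sid, events in logins.items() if len(events) > 1}


def affected_users(reused):
    """Sorted list of users who logged in with a reused session ID."""
    return sorted({user for events in reused.values() for _, user in events})


if __name__ == "__main__":
    findings = find_reused_session_ids(SAMPLE_LOG)
    for sid, events in findings.items():
        print(f"session ID {sid} issued at {len(events)} logins:")
        for timestamp, user in events:
            print(f"  {timestamp} {user}")
    print("affected users:", ", ".join(affected_users(findings)))
```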