SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

Workaround for Internet Explorer MIME handling

Date:
2006-12-03
Description:
We've changed SquirrelMail attachment handling to work around an issue in Internet Explorer: the browser will attempt to guess the MIME type of attachments based on content, not the MIME header we send. Attachments could fake to be an 'harmless' image/jpeg, while they were in fact HTML that Internet Explorer would render.
Affected Versions:
IE
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
n/a
Patch:
view patch
Credits:
Thanks go to Martijn Brinkers and Cor Bosman.
This page last updated:
2006-12-02 16:42:03
© 1999-2010 by The SquirrelMail Project Team