SquirrelMail  
Donations
News
About
Support
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties













Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

Security

Workaround for Internet Explorer MIME handling

Date:
2006-12-03
Description:
We've changed SquirrelMail attachment handling to work around an issue in Internet Explorer: the browser will attempt to guess the MIME type of attachments based on content, not the MIME header we send. Attachments could fake to be an 'harmless' image/jpeg, while they were in fact HTML that Internet Explorer would render.
Affected Versions:
IE
Register Globals:
Register_globals does not have to be on for this issue.
CVE ID(s):
n/a
Patch:
view patch
Credits:
Thanks go to Martijn Brinkers and Cor Bosman.
This page last updated:
2006-12-02 16:42:03
© 1999-2010 by The SquirrelMail Project Team