SquirrelMail  
Security

Clickjacking

Date: 2011-07-12
Description: SquirrelMail versions 1.4.21 and below are vulnerable to clickjacking attacks wherein the entire application can be loaded in a frame that could overlay other elements on top of SquirrelMail's user interface and possibly expose private user data (including passwords) to an attacker.
Affected Versions: <= 1.4.21
Register Globals: Register_globals does not have to be on for this issue.
CVE ID(s): CVE-2010-4554
Patch: view patch
Credits: Asbjorn Thorsen and Geir Hansen
This page last updated: 2011-07-12 00:00:00
© 1999-2010 by The SquirrelMail Project Team