Security

Workaround for Internet Explorer MIME handling

Date:

2006-12-03

Description:

We've changed SquirrelMail attachment handling to work around an issue in Internet Explorer: the browser will attempt to guess the MIME type of attachments based on content, not the MIME header we send. Attachments could fake to be an 'harmless' image/jpeg, while they were in fact HTML that Internet Explorer would render.

Affected Versions:

IE

Register Globals:

Register_globals does not have to be on for this issue.

CVE ID(s):

n/a

Patch:

view patch

Credits:

Thanks go to Martijn Brinkers and Cor Bosman.

This page last updated:

2006-12-02 16:42:03