Security

Clickjacking

Date:

2011-07-12

Description:

SquirrelMail versions 1.4.21 and below are vulnerable to clickjacking attacks wherein the entire application can be loaded in a frame that could overlay other elements on top of SquirrelMail's user interface and possibly expose private user data (including passwords) to an attacker.

Affected Versions:

<= 1.4.21

Register Globals:

Register_globals does not have to be on for this issue.

CVE ID(s):

CVE-2010-4554

Patch:

view patch

Credits:

Asbjorn Thorsen and Geir Hansen

This page last updated:

2011-07-12 00:00:00