CVE-2009-1581

Publication date 14 May 2009

Last updated 24 July 2024


Ubuntu priority

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

Status

Package Ubuntu Release Status
squirrelmail 9.10 karmic
Not affected
9.04 jaunty
Fixed 2:1.4.15-4ubuntu0.1
8.10 intrepid
Fixed 2:1.4.15-3ubuntu0.2
8.04 LTS hardy
Fixed 2:1.4.13-2ubuntu1.3
6.06 LTS dapper Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
squirrelmail