CVE-2010-4554

Priority
Low
Description
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not
prevent page rendering inside a frame in a third-party HTML document, which
makes it easier for remote attackers to conduct clickjacking attacks via a
crafted web site.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4554
http://www.squirrelmail.org/security/issue/2011-07-12
Package
Source: squirrelmail (LP Ubuntu Debian)
Upstream:released (1.4.22)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):needed
Ubuntu 11.10 (Oneiric Ocelot):not-affected (2:1.4.22-1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2:1.4.22-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (2:1.4.22-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (2:1.4.22-1)
Patches:
Upstream:http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117
More Information

Valid XHTML 1.0 Strict

Updated: 2013-04-25 17:14:20 UTC (commit 6757)