Candidate: CVE-2009-4363
PublicDate: 2009-12-21 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4363
Description:
 Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_horde3:
 vendor: http://www.debian.org/security/2010/dsa-1966
upstream_horde3: released (3.3.6)
dapper_horde3: ignored (reached end-of-life)
hardy_horde3: ignored (reached end-of-life)
intrepid_horde3: needed (reached end-of-life)
jaunty_horde3: released (3.2.2+debian0-2+lenny2build0.9.04.1)
karmic_horde3: ignored (reached end-of-life)
lucid_horde3: not-affected (3.3.6+debian0-2)
maverick_horde3: not-affected (3.3.6+debian0-2)
natty_horde3: not-affected (3.3.6+debian0-2)
oneiric_horde3: not-affected (3.3.6+debian0-2)
devel_horde3: not-affected (3.3.6+debian0-2)