Launchpad.net

CVE 2009-1581

functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message.

Related bugs and status

CVE-2009-1581 (Candidate) is related to these bugs:

Bug #375513: Multiple CVEs for Squirrelmail <1.4.17

		In	Importance	Status
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Dapper)	High	Won't Fix
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Hardy)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Intrepid)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Jaunty)	High	Fix Released
375513	Multiple CVEs for Squirrelmail <1.4.17	squirrelmail (Ubuntu Karmic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1581

Related bugs and status

Related bugs

References