Context Navigation

← Previous Ticket
Next Ticket →

Opened 6 months ago

Closed 6 months ago

#1488850 closed Bugs (fixed)

Two XSS vectors targeting IE and Firefox Users

Reported by:	enriquerando	Owned by:
Priority:	1 - Highest	Milestone:	0.9-beta
Component:	Security	Version:	0.8.4
Severity:	major	Keywords:	XSS, data:, vbscript
Cc:

Description

Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer. (see the attached file for details)

Attachments (1)

RoundCube2XSS.pdf (253.2 KB) - added by enriquerando 6 months ago.: Details

Download all attachments as: .zip

Change History (3)

Changed 6 months ago by enriquerando

Attachment RoundCube2XSS.pdf added

Details

comment:1 Changed 6 months ago by alec

Milestone changed from later to 0.9-beta
Priority changed from 5 to 1 - Highest

comment:2 Changed 6 months ago by alec

Resolution set to fixed
Status changed from new to closed

Fixed in 74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba

Note: See TracTickets for help on using tickets.

Download in other formats: