Launchpad.net

CVE 2006-0195

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Related bugs and status

CVE-2006-0195 (Candidate) is related to these bugs:

Bug #115149: Please backport for squirrelmail from gutsy to dapper, edgy, and feisty

		In	Importance	Status
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Dapper Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Edgy Backports	Wishlist	Fix Released
115149	Please backport for squirrelmail from gutsy to dapper, edgy, and feisty	Feisty Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.squirrelmai...
BID: 16756
SECTRACK: 1015662
SECUNIA: 18985
DEBIAN: DSA-988
FEDORA: FEDORA-2006-133
SUSE: SUSE-SR:2006:005
SECUNIA: 19131
SECUNIA: 19130
SECUNIA: 19176
GENTOO: GLSA-200603-09
SECUNIA: 19205
REDHAT: RHSA-2006:0283
SECUNIA: 19960
SGI: 20060501-01-U
SECUNIA: 20210
MANDRIVA: MDKSA-2006:049
VUPEN: ADV-2006-0689
XF: squirrelmail-magichtml...
OVAL: oval:org.mitre.oval:de...