[Tickets #9552] Security issue

bugs at horde.org bugs at horde.org
Sat Jan 29 11:44:47 UTC 2011


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/9552
------------------------------------------------------------------------------
  Ticket             | 9552
  Created By         | agullo at ati.es
  Summary            | Security issue
  Queue              | IMP
  Version            | 4.2
  Type               | Bug
  State              | Unconfirmed
  Priority           | 3. High
  Milestone          |
  Patch              |
  Owners             |
+New Attachment     | Message_Source.txt
------------------------------------------------------------------------------


agullo at ati.es (2011-01-29 06:44) wrote:

A few minutes ago I received this spam message.  It seemed very  
similar to the spam I receive usually, so I clicked on Delete... but  
instead of being deleted, it just made the browser tab unusable.
Tested on Windows Vista Ultimate Service Pack 2, with the following browsers:
-Google Chrome: IMP tab becomes unusable, all links rendered  
ineffectual.  The only escape is to use the Horde menu if you have it,  
or hit the browser "Back" button.
-Internet Explorer: Cannot use it. Keeps telling me that my browser  
has changed since the start of my session, so I must log in again...  
and again.. and again... despite already having logged out in every  
browser.
-Mozilla Firefox: IMP tab becomes unusable, no matter where I click it  
opens a tab to the spam website - not even Log out works.  The only  
escape is to use the Horde menu if you have it, or hit the browser  
"Back" button.  Having "NoScript" and using it to block the webmail  
doesn't prevent the issue from happening.
-Safari: IMP tab becomes unusable, no matter where I click it opens a  
windows to the spam website - not even Log out works.  The only escape  
is to use the Horde menu if you have it, or hit the browser "Back"  
button.
-Opera: The only one to work all right - the one which allowed me to  
save the message source.






More information about the bugs mailing list