Two XSS vectors targeting IE and Firefox Users #4033

Closed
rcubetrac opened this Issue Dec 3, 2012 · 3 comments

@rcubetrac

Reported by enriquerando on 3 Dec 2012 13:31 UTC as Trac ticket #1488850

Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer (see the attached file for details).

Keywords: XSS, data:, vbscript
Migrated-From: http://trac.roundcube.net/ticket/1488850
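For the `data:` and `vbscript:` URLs reported above, a scheme allowlist applied to URL-bearing attributes is the usual defence. The following is an added example, not Roundcube's code and not the fix in 74cd0a9; it goes beyond the two schemes named in the report by also normalizing case and embedded whitespace before deciding. The function names, the attribute list, the allowed schemes and the sample inputs in the comments are assumptions made for the illustration.

```javascript
// Added example: allowlist check for URL attribute values in HTML mail.
// Assumption: `value` has already been entity-decoded by the HTML parser.
// Every scheme not listed here (data:, vbscript:, ...) is rejected.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto", "cid"]);
// Assumed list of attributes whose value a browser treats as a URL.
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "background", "poster"]);

// Mirror browser URL pre-processing: strip leading/trailing C0 controls and
// spaces, then remove tab, CR and LF anywhere in the string.
function normalizeUrl(value) {
  return String(value)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
}

// Lower-cased scheme, or null when the value is a relative reference.
function extractScheme(value) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normalizeUrl(value));
  return m ? m[1].toLowerCase() : null;
}

function isSafeUrl(value) {
  const scheme = extractScheme(value);
  if (scheme !== null) return ALLOWED_SCHEMES.has(scheme);
  // No well-formed scheme: accept only if no colon appears before the first
  // "/", "?" or "#", so odd scheme-like prefixes are refused outright.
  const head = normalizeUrl(value).split(/[\/?#]/, 1)[0];
  return !head.includes(":");
}

// Drop URL-bearing attributes whose value fails the check; keep the rest.
// `attrs` is an array of { name, value } objects (constructed shape).
function filterAttributes(attrs) {
  return attrs.filter(({ name, value }) =>
    !URL_ATTRS.has(name.toLowerCase()) || isSafeUrl(value));
}
```

The check runs on the normalized value because a filter that compares the raw string against a blocklist misses variants the browser still treats as the same scheme.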

@rcubetrac

Milestone changed by @alecpl on 3 Dec 2012 14:11 UTC

later => 0.9-beta

@rcubetrac

Comment by @alecpl on 4 Dec 2012 08:21 UTC

Fixed in 74cd0a9

@rcubetrac

Status changed by @alecpl on 4 Dec 2012 08:21 UTC

new => closed

@rcubetrac rcubetrac closed this Dec 4, 2012
@rcubetrac rcubetrac added this to the 0.9-beta milestone Mar 20, 2016