Two XSS vectors targeting IE and Firefox Users #4033

rcubetrac opened this Issue Dec 3, 2012 · 3 comments


Reported by enriquerando on 3 Dec 2012 13:31 UTC as Trac ticket #1488850

Script code can be executed in the context of the current RoundCube session using "data" URLs in Firefox and "vbscript" URLs in Internet Explorer. (see the attached file for details)

Keywords: XSS, data:, vbscript


Milestone changed by @alecpl on 3 Dec 2012 14:11 UTC

later => 0.9-beta


Comment by @alecpl on 4 Dec 2012 08:21 UTC

Fixed in 74cd0a9


Status changed by @alecpl on 4 Dec 2012 08:21 UTC

new => closed

@rcubetrac rcubetrac closed this Dec 4, 2012
@rcubetrac rcubetrac added this to the 0.9-beta milestone Mar 20, 2016
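
The report above names `data:` and `vbscript:` URLs as the script-carrying vectors. The following is an added example, not Roundcube's code and not the fix in 74cd0a9: a scheme allowlist for URL attributes, applied after browser-style normalisation and shown beside a filter that rejects only one known-bad scheme. The allowed-scheme policy, function names and sample values are assumptions constructed for illustration.

```javascript
// Added example; names are hypothetical and this is not Roundcube's code.
// Schemes allowed in href/src of rendered mail (an assumed policy).
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto", "cid"]);

// Browsers remove tab/LF/CR anywhere in a URL and trim leading and trailing
// C0 controls and spaces before parsing, so "vb\nscript:" still parses as
// "vbscript:". Normalise the same way before inspecting the scheme.
function normalizeUrl(raw) {
  return String(raw)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
}

// Lower-cased scheme of an absolute URL, or null when there is none.
function extractScheme(raw) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(normalizeUrl(raw));
  return m ? m[1].toLowerCase() : null;
}

// Hypothetical weak filter: rejects one known-bad scheme, passes the rest.
function blocklistAllows(raw) {
  return !/^javascript:/i.test(String(raw).trim());
}

// Hardened filter: returns the normalised URL, or null to drop the attribute.
// Scheme-less values are rejected except same-document fragments, since a
// mail body has no trustworthy base URL to resolve them against.
function sanitizeUrl(raw) {
  const url = normalizeUrl(raw);
  const scheme = extractScheme(url);
  if (scheme === null) return url.startsWith("#") ? url : null;
  return ALLOWED_SCHEMES.has(scheme) ? url : null;
}

// Constructed sample attribute values (inert placeholders, not real mail).
const SAMPLES = [
  "https://example.org/a",
  "data:text/html,placeholder",
  "VBScript:placeholder",
  " vb\nscript:placeholder",
  "cid:part1@example.org",
  "#top",
];

// One row per sample: what each filter decides.
function auditSamples() {
  return SAMPLES.map((raw) => ({
    raw, blocklist: blocklistAllows(raw), allowlist: sanitizeUrl(raw) !== null,
  }));
}
```

`auditSamples()` shows the single-scheme blocklist passing every sample, while the allowlist keeps only the `https:`, `cid:` and fragment values. The input is assumed to be the attribute value after HTML entity decoding.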