
[#24] IE & Webmail Vulnerability
Summary IE & Webmail Vulnerability
Queue IMP
Queue Version 3.2.3
Type Bug
State Resolved
Priority 1. Low
Owners
Requester ng.owner (at) thenetgamer (dot) com
Created 03/23/2004 (7723 days ago)
Due
Updated 03/23/2004 (7723 days ago)
Assigned
Resolved 03/23/2004 (7723 days ago)
Milestone
Patch No

History
03/23/2004 04:46:01 PM Jan Schneider Comment #4
State ⇒ Resolved
We tested on the current RELENG_3 and HEAD branches and IMP was 
filtering out this code correctly. That means that IMP 3.2.3 is safe 
too, as safe as active filtering can be.
03/23/2004 03:29:33 PM ng (dot) owner (at) thenetgamer (dot) com Comment #3
Suggested priority: 3. High

I've changed the priority due to what could be done if IMP is 
vulnerable. The list includes:

- Theft of login and password.
- Content disclosure of any email in the mailbox.
- Automatically send emails from the mailbox.
- Exploitation of known vulnerabilities in the browser to access the user's file system and eventually take over the machine.
- Distribution of a web-based email worm.
- Disclosure of all contacts within the address book.


03/23/2004 03:28:32 PM ng (dot) owner (at) thenetgamer (dot) com Comment #2
I just realized that the version we are using is IMP 3.2.2.

Brian
03/23/2004 03:25:28 PM ng (dot) owner (at) thenetgamer (dot) com Comment #1
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Is IMP vulnerable to this exploit: Remotely Exploitable Cross-Site Scripting



More information is available here: 
http://www.greymagic.com/security/advisories/gm005-mc/



Brian Loftus
