Re: [courier-users] Courier/SqWebMail 20050905
This is a discussion on Re: [courier-users] Courier/SqWebMail 20050905 within the Courier-Imap forums, part of the Mail Servers and Related category; This is a MIME GnuPG-signed message. If you see this text, it means that your E-mail or Usenet ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-07-2005
|
|||
|
|||
Re: [courier-users] Courier/SqWebMail 20050905
This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages. The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards. --=_mimegpg-commodore.email-scan.com-15587-1126048032-0002 Content-Type: text/plain; format=flowed; charset="US-ASCII" Content-Disposition: inline Content-Transfer-Encoding: 7bit Alessandro Vesely writes: > Sam Varshavchik wrote: >> >> This release of SqWebMail filters out certain MSIE-only scripting >> constructs that could be used for malicious purposes. As an >> alternative: a cumulative patch [...] > > Apparently, that patch is not related with the downloading of viral > attachments that has been recently echoed on this list. Correct? Correct. > It skips some html tags. Are there any advisories or references about > the MSIE scripting vulnerabilities that the patch addresses? You got it all wrong. It's not really a vulnerability in MSIE, it's really a "feature". Aren't you happy? Although in the rest of the world, any <!-- comment --> in HTML gets ignored, with MSIE a specially formatted HTML comment can get processed as regular HTML code, with scripting, et al: http://msdn.microsoft.com/library/de...omment_ovw.asp The other stuff in the patch is because it's cumulative, and includes last week's fix for a different issue. --=_mimegpg-commodore.email-scan.com-15587-1126048032-0002 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQBDHiEgx9p3GYHlUOIRAvBIAJ9nZgWl6W59VgruIcr/YxvfLKnB2ACfS+5a moyzuOgRWr6QipQXZN6gcnM= =Xi/a -----END PGP SIGNATURE----- --=_mimegpg-commodore.email-scan.com-15587-1126048032-0002-- ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users 
|
Linear Mode
