FEDORA-EPEL-2013-0298 created by limb 8 years ago for Fedora EPEL 6
stable

Cross-site scripting (XSS) flaws were found in the way Round Cube Webmail, a browser-based multilingual IMAP client, performed sanitization of 'data' and 'vbscript' URLs. A remote attacker could provide a specially-crafted URL that, when opened, would lead to arbitrary JavaScript, VisualBasic script or HTML code execution in the context of Round Cube Webmail's user session.

Upstream ticket: [1] http://trac.roundcube.net/ticket/1488850

Further details: [2] http://trac.roundcube.net/attachment/ticket/1488850/RoundCube2XSS.pdf

Upstream patch: [3] https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba

References:

[4] http://sourceforge.net/news/?group_id=139281&id=310213

[5] http://www.openwall.com/lists/oss-security/2013/02/07/11

[6] http://www.openwall.com/lists/oss-security/2013/02/08/1

This update has been submitted for testing by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago
orion commented & provided feedback 8 years ago

Working here

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for stable by limb.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago


Metadata
Type: security
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 8 years ago
in testing: 8 years ago
in stable: 8 years ago

BZ#909304 CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [fedora-all]
BZ#909306 CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [epel-6]
