SquirrelMail is vulnerable to cross-site request forgery (CSRF): its form submissions did not implement protection against CSRF attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
download.gna.org/nasmail/nasmail-1.7.zip
jvn.jp/en/jp/JVN30881447/index.html
jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html
lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
osvdb.org/60469
secunia.com/advisories/34627
secunia.com/advisories/36363
secunia.com/advisories/37415
secunia.com/advisories/40220
secunia.com/advisories/40964
squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog?revision=13818&view=markup&pathrev=13818
squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818
support.apple.com/kb/HT4188
www.debian.org/security/2010/dsa-2091
www.mandriva.com/security/advisories?name=MDVSA-2009:222
www.osvdb.org/57001
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/36196
www.squirrelmail.org/security/issue/2009-08-12
www.vupen.com/english/advisories/2009/2262
www.vupen.com/english/advisories/2009/3315
www.vupen.com/english/advisories/2010/1481
www.vupen.com/english/advisories/2010/2080
access.redhat.com/errata/RHSA-2009:1490
bugzilla.redhat.com/show_bug.cgi?id=517312
exchange.xforce.ibmcloud.com/vulnerabilities/52406
gna.org/forum/forum.php?forum_id=2146
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
www.redhat.com/archives/fedora-package-announce/2009-August/msg00927.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html