Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4363 to the following vulnerability:

Name: CVE-2009-4363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4363
Assigned: 20091221
Reference: MLIST:[announce] 20091215 Horde 3.3.6 (final)
Reference: URL: http://lists.horde.org/archives/announce/2009/000529.html
Reference: MLIST:[announce] 20091216 Horde Groupware 1.2.5 (final)
Reference: URL: http://marc.info/?l=horde-announce&m=126100750018478&w=2
Reference: MLIST:[announce] 20091217 Horde Groupware Webmail Edition 1.2.5 (final)
Reference: URL: http://marc.info/?l=horde-announce&m=126101076422179&w=2
Reference: CONFIRM: http://bugs.horde.org/ticket/8715
Reference: CONFIRM: http://bugs.horde.org/view.php?actionID=view_file&type=patch&file=0002-Bug-8715-Fix-XSS-vulnerability%5B1%5D.patch&ticket=8715
Reference: CONFIRM: http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.559&r2=1.515.2.589&ty=h
Reference: SECTRACK:1023365
Reference: URL: http://securitytracker.com/id?1023365

Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
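An added example, not Horde's patch and not part of the original report: one way to check an HTML message body for A/HREF targets such as the data: URIs described above, using a scheme allowlist applied after the normalization a browser performs. The allowlist contents, the function names and the sample message are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Assumption for this example: the only link schemes allowed in HTML mail.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_IGNORED = re.compile(r"[\t\r\n]")  # browsers drop these anywhere in a URL
_LEADING = "".join(chr(c) for c in range(0x21))  # C0 controls and space
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")


def href_scheme(value):
    """Scheme a browser would act on for a decoded href value, or None."""
    url = _IGNORED.sub("", value).lstrip(_LEADING)
    match = _SCHEME.match(url)
    return match.group(1).lower() if match else None


class _LinkCollector(HTMLParser):
    """Collects href values of <a> elements (the parser decodes entities)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v or "" for k, v in attrs if k == "href"]


def rejected_links(html_body):
    """Return the decoded href values a scheme allowlist would strip."""
    collector = _LinkCollector()
    collector.feed(html_body)
    collector.close()
    # Assumption: scheme-less (relative) targets are rejected as well.
    return [h for h in collector.hrefs if href_scheme(h) not in ALLOWED_SCHEMES]


# Constructed sample message body with inert link targets.
SAMPLE = (
    '<p><a href="https://example.org/">web</a> '
    '<a href="mailto:user@example.org">mail</a> '
    '<a href="data:text/html,hello">data</a> '
    '<a href=" DaTa:text/html,hello">case, space</a> '
    '<a href="da&#9;ta:text/html,hello">tab entity</a></p>'
)

if __name__ == "__main__":
    for href in rejected_links(SAMPLE):
        print(repr(href))
```

Comparing the raw attribute text against a blocklist of scheme strings would miss the second and third data: links in the sample, which is why the check decodes entities and normalizes before matching against an allowlist.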
horde-3.3.6-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc13
horde-3.3.6-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/horde-3.3.6-1.el5
horde-3.3.6-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc12
horde-3.3.6-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/horde-3.3.6-1.fc11
horde-3.3.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
horde-3.3.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
horde-3.3.6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
horde-3.3.6-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.