"Opera is where a guy gets stabbed in the back, and instead of dying, he sings." Robert Charles Benchley (1889-1945) US humorist (On December 7, 1732, The Royal Opera House opens in London) - SquirrelMail 1.4.9a update fixes multiple vulnerabilities - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, December 7, 2006 - Version 1.4.9a of SquirrelMail has been released, which fixes several cross-site scripting vulnerabilities that could be exploited to inject code in Web sessions. The first flaw lies in the webmail.php and compose.php scripts and stems from incorrect filtering of certain parameters before they are sent to the client. The second vulnerability affects the magicHTML filter which filters and cleans up content of HTML messages. An attacker could inject HTML code or scripts through these vulnerabilities and run it on the user's mail client. Versions 1.4.0 to 1.4.9 of SquirrelMail are affected, whereas version 1.4.9a fixes all of these issues. More details in the original advisory, available at http://squirrelmail.org/security/issue/2006-12-02 (*) SquirrelMail is a PHP-based Web mail system, which supports the IMAP and SMTP protocols. All pages are displayed with HTML 4.0 to ensure compatibility with as many browsers as possible. taharka Lexington, Kentucky U.S.A.