Secunia discovered the following vulnerability: The HTML filter does not filter out <frame> and <frameset> HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. Successful exploitation requires that the victim opens the HTML part of a malicious message. There is no upstream patch AFAIK yet, so this bug is merely for tracking. Disclosure date is 2008-01-02 10am CET. Please keep confidential until then.
Removing webapps since an alias can't view restricted bugs and vapier is listed as the maintainer.
*** This bug has been marked as a duplicate of bug 205377 ***