Hushmail.com Affected

Updated:  September 13, 2001

Status

Affected

Vendor Statement

The vulnerability has been fixed. We have no record of a notification on September 5th, or we certainly would have fixed this earlier. It was a very straightforward issue involving a failure to use the htmlspecialchars() PHP function in that area of the code. It is our general practice to always use this method when displaying information using PHP in order to avoid such scripting vulnerabilities, and we regret the unfortunate oversight. Many thanks to 1; and everyone else who has helped us keep HushMail secure in the past.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Affected

Updated:  September 13, 2001

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Hotmail.com is owned Microsoft.

MyOwnEmail.com Affected

Updated:  September 13, 2001

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.