The remote host is missing an update to courier announced via advisory DSA 820-1. Jakob Balle discovered that with Conditional Comments in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer. For the old stable distribution (woody) this problem has been fixed in version 0.37.3-2.7.

For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge3. For the unstable distribution (sid) this problem has been fixed in version 0.47-9. We recommend that you upgrade your sqwebmail package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20820-1