squirrelmail squirrelmail: session hijacking vulnerability squirrelmail: session hijacking vulnerability Squirrelmail was updated to use the secure flag for its cookies. Otherwise it was possible to hijack a SSL-protected session via leaked cookies. (CVE-2008-3663) The previous update for the problem above contained a typo which broke squirrelmail. Squirrelmail was updated to use the secure flag for its cookies. Otherwise it was possible to hijack a SSL-protected session via leaked cookies. (CVE-2008-3663) The previous update for the problem above contained a typo which broke squirrelmail. security squirrelmail noarch 8df88f92bd00b7b88ae9731e47b1f85df0e4681e