Debian Security Advisory DSA 820-1 – Jakob Balle discovered that with Conditional Comments in Internet Explorer it is possible to hide javascript code in comments that will be executed when the browser views a malicious email via sqwebmail. Successful exploitation requires that the user is using Internet Explorer.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/40241/dsa-820-1.txt
Source: https://packetstormsecurity.com/files/40241/Debian-Linux-Security-Advisory-820-1.html