Open Bug 1835803 Opened 2 years ago Updated 2 years ago

Failure to automatically display protected header subject for plain text only messages

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
Thunderbird 102
Platform:
x86_64
Linux
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: ooffa68f, Unassigned)

Details

Steps to reproduce:

Thunderbird fails to automatically display the subject when using protected headers for plain text only messages.

This is present on at least v102.4, v102.11.1, v102.11.2 and most likely all other versions.

Steps to reproduce:

Using the example from https://datatracker.ietf.org/doc/id/draft-autocrypt-lamps-protected-headers-02.html#name-signed-and-encrypted-pgp-mi

  1. Copy the following content and then encrypt it with your own public key that you have available in Thunderbird. (E.g gpg --encrypt -r me@example.com -a msg.txt)

From: Alice Lovelace <alice@openpgp.example>
To: Bob Babbage <bob@openpgp.example>
Date: Mon, 21 Oct 2019 07:09:00 -0700
Subject: BarCorp contract signed, let's go!
Content-Type: text/plain; charset="us-ascii"; protected-headers="v1"
Message-ID: <pgpmime-sign+enc@protected-headers.example>

Hi Bob!

This is a plain text only message.

Thanks, Alice

  1. Paste your encrypted content in this email and save it:

Received: from localhost (localhost [127.0.0.1]); Mon, 21 Oct 2019
07:09:28 -0700 (UTC-07:00)
MIME-Version: 1.0
Content-Type: multipart/encrypted; boundary="ca4";
protocol="application/pgp-encrypted"
From: Alice Lovelace <alice@openpgp.example>
To: Bob Babbage <bob@openpgp.example>
Date: Mon, 21 Oct 2019 07:09:00 -0700
Message-ID: <pgpmime-sign+enc@protected-headers.example>
Subject: ...

--ca4
content-type: application/pgp-encrypted

Version: 1

--ca4
content-type: application/octet-stream

-----BEGIN PGP MESSAGE-----

...your encrypted message...
-----END PGP MESSAGE-----

--ca4--

  1. Open the above saved email in Thunderbird and you will see that the subject shown is "..." instead of the encrypted "BarCorp contract signed, let's go!".

I've tried using other mail clients such as Fair Email and K-9 mail, both of which are able to correctly display the protected header subject line.

The strange thing is that if you add the following "--" on its own line anywhere to the plain text message then Thunderbird is able to display the correct subject.

So I'm not sure if the bug is related to boundaries or something.

For example the following plain text content will work and Thunderbird will correctly display the real subject:

From: Alice Lovelace <alice@openpgp.example>
To: Bob Babbage <bob@openpgp.example>
Date: Mon, 21 Oct 2019 07:09:00 -0700
Subject: BarCorp contract signed, let's go!
Content-Type: text/plain; charset="us-ascii"; protected-headers="v1"
Message-ID: <pgpmime-sign+enc@protected-headers.example>

Hi Bob!

This is a plain text only message.

Thanks, Alice

Actual results:

Thunderbird does not automatically display the encrypted subject from the protected headers just the "..." subject is displayed.

Expected results:

Thunderbird should automatically display the subject from the protected headers like it does with HTML / mixed emails.

Component: Untriaged → Security
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
You need to log in before you can comment on or make changes to this bug.