IMAP Security review action items

RESOLVED WORKSFORME

Status

MailNews Core
Networking: IMAP
15 years ago
6 years ago

People

(Reporter: Heikki Toivonen (remove -bugzilla when emailing directly), Assigned: Bienvenu)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:audit])

Passwords (and other highly sensitive information) should be stored in memory in
classes that overwrite the memory before freeing it, and possibly prevent the
memory from being swapped out while in use (platform dependent). If there is no
such thing yet, we should create a class for that.

What happens if an img tag src points to IMAP URL, do we retrieve the contents
and send them along in a reply/forwarded message? Are there other tags that
could cause this?

When replying/forwarding a message we can disclose private information, like
mailserver and user names? Make sure they get stripped out.

Some plugins (most notably Acrobat) take over the message area which can lead to
message spoofing. There should be a bug open on this, what is it?

IMAP headers could cause a DOS, because our implementation wants to load them
all. If there was a header exploit that caused a crash, for example, you would
never be able to read your mail after that. There are no such bugs known at this
time, but could the implementation be changed so that we do not always require
the full header list (like when you hit stop, try to see a message, we continue
downloading headers)?

Verify that each message is its own domain (regardless of protocol).

Disable plugins in mailnews, or make it possible to disable them in mailnews.
There was discussion about that, what happened? Is there a bug number?
>Disable plugins in mailnews, or make it possible to disable them in mailnews.
>There was discussion about that, what happened? Is there a bug number?

In 1.3a in Advanced -> Scripts and Plugins right at the bottom is an option:
Enable plugins for mail and news.
Whiteboard: [sg:investigation]
Product: MailNews → Core
Product: Core → MailNews Core
bienvenu: is there anything useful left in this bug or can we resolve it and unhide it?
Whiteboard: [sg:investigation] → [sg:audit]
(Assignee)

Comment 3

6 years ago
(In reply to Daniel Veditz [:dveditz] from comment #2)
> bienvenu: is there anything useful left in this bug or can we resolve it and
> unhide it?

I don't think there's anything useful left in this bug. The passwords stored in memory that's cleared after delete is not specific to IMAP.
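The first action item in the description and comment 3 both concern secrets that are overwritten in memory before the memory is freed. The following is an added example, not Mozilla code and not written by anyone in this bug, of such a class in C++. It assumes a POSIX platform for `mlock`/`munlock`, and the names `SecretBuffer` and `secure_wipe` are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <sys/mman.h>   // mlock/munlock: POSIX only, the platform-dependent part

// Zero memory through a volatile pointer so the compiler cannot discard the
// writes as dead stores just before the buffer is released.
static void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// Hypothetical holder for a password or similar secret.
class SecretBuffer {
public:
    explicit SecretBuffer(const char* secret)
        : len_(std::strlen(secret)), data_(new unsigned char[len_ + 1]) {
        // Best effort: mlock can fail (e.g. RLIMIT_MEMLOCK), so record the
        // outcome instead of aborting; callers can check locked().
        locked_ = (mlock(data_, len_ + 1) == 0);
        std::memcpy(data_, secret, len_ + 1);
    }
    ~SecretBuffer() { release(); }
    SecretBuffer(const SecretBuffer&) = delete;             // no stray copies
    SecretBuffer& operator=(const SecretBuffer&) = delete;

    const char* c_str() const { return reinterpret_cast<const char*>(data_); }
    std::size_t size() const { return len_; }
    bool locked() const { return locked_; }

    // Overwrite in place without freeing, for callers done with the secret early.
    void wipe() { if (data_) secure_wipe(data_, len_ + 1); }

private:
    // Order matters: wipe while the pages are still locked, then unlock, then free.
    void release() {
        if (!data_) return;
        wipe();
        if (locked_) munlock(data_, len_ + 1);
        delete[] data_;
        data_ = nullptr;
    }
    std::size_t len_;        // declared before data_: data_'s initializer uses it
    unsigned char* data_;
    bool locked_ = false;
};
```

The class only protects its own copy: the string passed to the constructor, and any copy made from `c_str()`, must be wiped by whoever owns them.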

Updated

6 years ago
Group: core-security
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WORKSFORME