Closed Bug 260589 Opened 21 years ago Closed 21 years ago

X-Mozilla-Status headers in incoming emails

Categories

(MailNews Core :: Security, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 196749

People

(Reporter: kevin.peuhkurinen, Assigned: sspitzer)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

X-Mozilla-Status and X-Mozilla-Status2 headers in incoming emails over-ride the headers that Mozilla Mail adds to the email. This allows spammers to bypass junk mail controls and to label their emails as "Important" or "To-Do".

Reproducible: Always

Steps to Reproduce:
1. Telnet to your MTA port 25
2. Create an email with X-Mozilla-Status headers:
...
354 Enter message, ending with "." on a line by itself
X-Mozilla-Status: 0001
X-Mozilla-Status2: 02000000
From: me
To: me <kevin.peuhkurinen@hepcoe.com>
Subject: test
Test
.
250 OK
3. Check incoming email.

Actual Results: The email is marked "read" and labelled "Important". It has two "X-Mozilla-Status" and "X-Mozilla-Status2" headers, but the forged one over-rides the one added by my MUA.

Expected Results: Ignored or stripped off the status headers of the incoming email.
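One way to get the "Expected Results" behaviour at the delivery layer, as an added example (not Mozilla's fix and not code from this bug): a filter that drops sender-supplied X-Mozilla-Status and X-Mozilla-Status2 header fields, including folded continuation lines, before the message reaches the mail store. The function name and the sample message are constructed for illustration.

```python
import re

# Headers the report identifies as client-local state a sender must not control.
LOCAL_ONLY = {b"x-mozilla-status", b"x-mozilla-status2"}

def strip_local_status_headers(raw: bytes):
    """Return (sanitized_message, removed_header_lines); the body is untouched."""
    if raw[:1] in (b"\r", b"\n"):
        return raw, []  # message starts with a blank line: no header block
    # The header block ends at the newline that precedes the first empty line.
    m = re.search(rb"\r?\n(?=\r?\n)", raw)
    head, rest = (raw[:m.end()], raw[m.end():]) if m else (raw, b"")
    kept, removed, dropping = [], [], False
    for line in head.splitlines(keepends=True):
        if line[:1] not in (b" ", b"\t"):
            # New header field; a folded continuation line keeps the previous verdict.
            name, sep, _ = line.partition(b":")
            dropping = bool(sep) and name.strip().lower() in LOCAL_ONLY
        (removed if dropping else kept).append(line)
    return b"".join(kept) + rest, removed

# Constructed sample modelled on the report: mixed-case and folded status
# headers in the header block, plus a look-alike line in the body that must stay.
SAMPLE = (
    b"Received: from client.example.test by mx.example.test\r\n"
    b"x-mozilla-status: 0001\r\n"
    b"X-Mozilla-Status2: 02000000\r\n"
    b" folded-tail\r\n"
    b"From: me@example.test\r\n"
    b"To: me@example.test\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"Test\r\n"
    b"X-Mozilla-Status: 0001\r\n"
)

if __name__ == "__main__":
    clean, removed = strip_local_status_headers(SAMPLE)
    print(clean.decode("ascii"), end="")
    print("removed:", removed)
```

Running the filter before the message is written to the folder means the only status headers the client sees are the ones it adds itself.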
*** This bug has been marked as a duplicate of 196749 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Product: MailNews → Core
Product: Core → MailNews Core