Closed Bug 276257 Opened 20 years ago Closed 20 years ago

Does browser accept %0a and %0d which allow exploit?

Categories

(SeaMonkey :: General, defect)

1.7 Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: Malmberg, Unassigned)

Details

Does browser accept %0a and %0d which allow this exploit to send or relay spam?

The exploit described can be used on other ports besides port 25.

This allows a web browser to do client side scripting to a remote server, which
could be for malicious exploits.

Mozilla appears to have port 25 access disabled for security reasons, but as
long as the control characters can be passed through, other ports such as 8080
can be used for exploits.

All this means is that all the malicious web site needs to do is use an additional
unsecured computer, just using the browser.

If we discover any linefeeds after unescaping the user/pass we refuse to issue
the request. Even with an SMTP server set up on a non-standard port we'd not be
vulnerable to this.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
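
The check described in the reply above (unescape the user/pass, refuse the request if a linefeed appears), sketched as an added example; it is not Mozilla's code and not part of the bug thread. The function names and sample URLs are constructed, and the URL splitting is simplified to the `scheme://user:pass@host` form.

```javascript
// Percent-decode to raw bytes. Working on bytes (not decodeURIComponent) means
// malformed escapes such as "%zz" are kept literally instead of throwing.
function unescapeBytes(s) {
  const raw = new TextEncoder().encode(s);
  const hex = (b) => {
    const c = String.fromCharCode(b);
    return /^[0-9a-fA-F]$/.test(c) ? parseInt(c, 16) : -1;
  };
  const out = [];
  for (let i = 0; i < raw.length; i++) {
    const hi = raw[i] === 0x25 ? hex(raw[i + 1]) : -1; // 0x25 is "%"
    const lo = hi >= 0 ? hex(raw[i + 2]) : -1;
    if (lo >= 0) { out.push(hi * 16 + lo); i += 2; }
    else out.push(raw[i]);
  }
  return out;
}

// Split the userinfo out of the authority (hypothetical helper).
function splitUserinfo(url) {
  const m = /^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/([^\/?#]*)/.exec(url);
  if (!m) return null;
  const at = m[1].lastIndexOf("@");
  if (at < 0) return { user: "", pass: "" };
  const info = m[1].slice(0, at);
  const colon = info.indexOf(":");
  return colon < 0
    ? { user: info, pass: "" }
    : { user: info.slice(0, colon), pass: info.slice(colon + 1) };
}

// Refuse the request if the decoded user or password contains CR or LF.
// The check runs on the decoded value because that is what goes on the wire.
function mayIssueRequest(url) {
  const parts = splitUserinfo(url);
  if (!parts) return false;
  for (const field of [parts.user, parts.pass]) {
    const bytes = unescapeBytes(field);
    if (bytes.includes(0x0d) || bytes.includes(0x0a)) return false;
  }
  return true;
}

// Constructed sample URLs.
for (const u of ["ftp://alice:secret@host.example:8080/",
                 "ftp://alice%0d%0aINJECTED:secret@host.example:8080/",
                 "ftp://alice%250d:secret@host.example:8080/"]) {
  console.log(mayIssueRequest(u) ? "issue " : "refuse", u);
}
```

The third URL is accepted because `%250d` decodes once to the literal text `%0d`, which contains no control character; the port number plays no part in the decision.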