Open Bug 285487 Opened 20 years ago Updated 2 years ago

warn user when clicking on content id links in mail messages

Categories

(MailNews Core :: Attachments, defect)

Product:
MailNews Core
Component:
Attachments
Platform:
x86
Windows 2000
Type:
defect

Tracking

(Not tracked)

People

(Reporter: Bienvenu, Unassigned)

Details

Do we want to warn users when they click on content id links in mail messages,
which launch attachments from the mail message, a la the Netsky worm/virus? The
form of the link is <href=cid:<long hex string>> and then the corresponding
attachment has the corresponding hex string as its content-id. This produces a
link that the user can click on to either execute or save the attachment. We
might want to treat this as suspicious, and inform the user. I'm not sure what
the legitimate use of the cid: form of url would be, other than to avoid having
the user have to click on an attachment. Thoughts? We could add this to the
phishing detection as well
(In reply to comment #0)
> Do we want to warn users when they click on content id links in mail messages,
> which launch attachments from the mail message, a la the Netsky worm/virus? The
> form of the link is <href=cid:<long hex string>> and then the corresponding
> attachment has the corresponding hex string as its content-id. This produces a
> link that the user can click on to either execute or save the attachment. We
> might want to treat this as suspicious, and inform the user. I'm not sure what
> the legitimate use of the cid: form of url would be, other than to avoid having
> the user have to click on an attachment. Thoughts? We could add this to the
> phishing detection as well

I´ve also got a phishing mail, where the cid is used to load a gif for a map to
simulate a HTML page. Hovering the map is showing a https://URL of the bank,
clicking would lead to some phishing http:// site.
Can attach or forward, if wanted.
The mail
QA Contact: attachments
Product: Core → MailNews Core
(In reply to comment #1)

> simulate a HTML page. Hovering the map is showing a https://URL of the bank,
> clicking would lead to some phishing http:// site.
> Can attach or forward, if wanted.

If you still have it that would be very nice.
Assignee: dbienvenu → nobody
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.