Closed
Bug 309263
Opened 19 years ago
Closed 13 years ago
Scripts in attachments (e.g. forwards) run and can access content of message (wiretap variant)
Categories
(MailNews Core :: Security, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jruderman, Unassigned)
References
Details
(Whiteboard: [sg:low])
Scripts in attachments, including messages forwarded as attachments, can access the content of the main message. They should be isolated or not allowed to run at all. Tested using SeaMonkey 1.0 Alpha on Mac. Fixing this bug would eliminate wiretap-style exploits for messages forwarded as attachments (which is the default for Thunderbird) regardless of the state of the capability.policy.mailnews.*.* blacklist (often ineffective due to omissions).
Reporter | ||
Comment 1•19 years ago
|
||
See also bug 67702, a sender-side solution for the forward-inline mode.
Assignee | ||
Updated•16 years ago
|
Product: Core → MailNews Core
Reporter | ||
Updated•16 years ago
|
Summary: Scripts in attachments (e.g. forwards) run and can access content of message → Scripts in attachments (e.g. forwards) run and can access content of message (wiretap variant)
Whiteboard: [sg:low]
Comment 2•13 years ago
|
||
This was fixed by bug 374577.
Group: core-security
Status: NEW → RESOLVED
Closed: 13 years ago
Depends on: 374577
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•