If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Attached "base 64" encoded pics are not decoded properly.

RESOLVED INCOMPLETE

Status

Thunderbird
General
--
major
RESOLVED INCOMPLETE
6 years ago
6 years ago

People

(Reporter: Walter Benton, Assigned: Bienvenu)

Tracking

6 Branch
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 560833 [details]
Actual E-mail received with full headers (personal information xxx'ed out)

I received an E-mail which had text at the top, HTML in the middle and a .jpg "base 64" encoded file attached at the bottom. The receive window initially showed a paperclip signifying an attachment was included, but when I click on that E-mail to see it, the text version is displayed because I have HTML display turned off.  But there is no attachment window nor a clickable attachment to either view or save to disk.

Probably because encoding is incorrect or an encoding bug.

Not sure whether this bug might cause a buffer overflow or not.

See actual received E-mail with personal information xxx'ed out in attachment.
(Reporter)

Comment 1

6 years ago
Detail information about my Thunderbird version:


  アプリケーション基本情報

    名前: Thunderbird
    バージョン: 6.0.2
    ユーザエージェント: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
    プロファイルディレクトリ: フォルダを開く

              (ローカルドライブ)
    アプリケーションのビルド ID: 20110902221921
    有効なプラグイン: about:plugins
    ビルド設定: about:buildconfig

  メールとニュースアカウント
    account1:
      INCOMING: account1, , (pop3) xx.xxxxxxx.xx.jp:110, plain, passwordCleartext
      OUTGOING: xx.xxxxxxx.xx.jp:xxx, plain, passwordEncrypted, true

    account2:
      INCOMING: account2, , (none) Local Folders, plain, passwordCleartext

  拡張機能
    SPAMfighter Toolbar For Thunderbird, 7.3.64, true, {E250941A-6892-4070-9404-32C0A93B8920}

  変更されている設定

    名前: 値

      accessibility.typeaheadfind.flashBar: 0
      dom.max_chrome_script_run_time: 0
      extensions.lastAppVersion: 6.0.2
      font.name.sans-serif.ja: MS P明朝
      font.size.variable.ja: 12
      gfx.blacklist.direct2d: 3
      gfx.blacklist.layers.direct3d10: 3
      gfx.blacklist.layers.direct3d10-1: 3
      gfx.blacklist.layers.direct3d9: 3
      gfx.blacklist.layers.opengl: 3
      gfx.blacklist.webgl.angle: 3
      gfx.blacklist.webgl.opengl: 3
      mail.openMessageBehavior.version: 1
      network.cookie.prefsMigrated: true
      places.database.lastMaintenance: 1316344349
      places.history.expiration.transient_current_max_pages: 26161

  グラフィックス
Mark: please assign to an appropriate person on the Thunderbird team to evaluate whether there are any security concerns here.
Assignee: nobody → mbanner
I believe this is just because the attachments are multipart/related and because they are designed to be shown inline, then we don't actually show them in the case of text-only.

David should be able to confirm this though.
Assignee: mbanner → dbienvenu
(In reply to Mark Banner (:standard8) from comment #3)
> I believe this is just because the attachments are multipart/related and
> because they are designed to be shown inline, then we don't actually show
> them in the case of text-only.
> 
> David should be able to confirm this though.

If it is this is a dup.
(Assignee)

Comment 5

6 years ago
yeah, I think that sounds right. cc'ing Jonathan, though, to be sure.
(Reporter)

Comment 6

6 years ago
>>>then we don't actually show them in the case of text-only.<<<

Then what work around is their other than turning on HTML?  For security reasons I'd prefer not to have to do that.

Isn't there a way to just show a link or a separate window with a right-click saveable. At present, there's no way to view the image attached.

Comment 7

6 years ago
This isn't exactly a dupe of bug 674473. That bug is about "invisible" attachments. This bug is about someone wanting to be able to view inline attachments when a message is being displayed in plain-text mode instead of HTML mode.

I'd argue that in fact there's no bug here at all. The inline image is intended to be displayed inline with the HTML. If you're displaying plain-text instead of HTML, then the inline image is not, according to the format of the email, intended to be displayed.

Nevertheless, we provide a way to access it. You can use https://addons.mozilla.org/en-US/thunderbird/addon/show-all-body-parts/, which is compatible with TB 8.0 or later.

In short, this isn't exactly the same as the other open bugs, and I actually don't think it's a bug, but I'll leave the final determination of that to others.
(Reporter)

Comment 8

6 years ago
I downloaded and tried to install that addon, but it's not compatible with my currently installed v6.0.2 Japanese version which is the latest version available.

So how does one get TB v8.0?

Comment 9

6 years ago
As I said above, Show All Body Parts is only compatible with TB 8.0 or later, since the core TB functionality on which it relies was only introduced in TB 8.0.

Comment 10

6 years ago
As for how to get TB 8.0, you can either download and run a nightly build (http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/), or wait until 7.0 is released and the beta channel becomes 8.0, and then download and run the beta build (http://www.mozilla.org/en-US/thunderbird/all-beta.html).
Group: core-security
Walter can you update us on happenings with current version?
Whiteboard: [closeme 2012-04-25]

Comment 12

6 years ago
Resolved per whiteboard
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2012-04-25]
You need to log in before you can comment on or make changes to this bug.