Closed Bug 687384 Opened 13 years ago Closed 12 years ago

Attached "base 64" encoded pics are not decoded properly.

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Version:
6 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: wbenton, Assigned: Bienvenu)

Details

Attachments

(1 file)

Actual E-mail received with full headers (personal information xxx'ed out)
96.03 KB, text/plain
Details 
I received an E-mail which had text at the top, HTML in the middle and a .jpg "base 64" encoded file attached at the bottom. The receive window initially showed a paperclip signifying an attachment was included, but when I click on that E-mail to see it, the text version is displayed because I have HTML display turned off.  But there is no attachment window nor a clickable attachment to either view or save to disk.

Probably because encoding is incorrect or an encoding bug.

Not sure whether this bug might cause a buffer overflow or not.

See actual received E-mail with personal information xxx'ed out in attachment.
Detail information about my Thunderbird version:


  アプリケーション基本情報

    名前: Thunderbird
    バージョン: 6.0.2
    ユーザエージェント: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
    プロファイルディレクトリ: フォルダを開く

              (ローカルドライブ)
    アプリケーションのビルド ID: 20110902221921
    有効なプラグイン: about:plugins
    ビルド設定: about:buildconfig

  メールとニュースアカウント
    account1:
      INCOMING: account1, , (pop3) xx.xxxxxxx.xx.jp:110, plain, passwordCleartext
      OUTGOING: xx.xxxxxxx.xx.jp:xxx, plain, passwordEncrypted, true

    account2:
      INCOMING: account2, , (none) Local Folders, plain, passwordCleartext

  拡張機能
    SPAMfighter Toolbar For Thunderbird, 7.3.64, true, {E250941A-6892-4070-9404-32C0A93B8920}

  変更されている設定

    名前: 値

      accessibility.typeaheadfind.flashBar: 0
      dom.max_chrome_script_run_time: 0
      extensions.lastAppVersion: 6.0.2
      font.name.sans-serif.ja: MS P明朝
      font.size.variable.ja: 12
      gfx.blacklist.direct2d: 3
      gfx.blacklist.layers.direct3d10: 3
      gfx.blacklist.layers.direct3d10-1: 3
      gfx.blacklist.layers.direct3d9: 3
      gfx.blacklist.layers.opengl: 3
      gfx.blacklist.webgl.angle: 3
      gfx.blacklist.webgl.opengl: 3
      mail.openMessageBehavior.version: 1
      network.cookie.prefsMigrated: true
      places.database.lastMaintenance: 1316344349
      places.history.expiration.transient_current_max_pages: 26161

  グラフィックス
Mark: please assign to an appropriate person on the Thunderbird team to evaluate whether there are any security concerns here.
Assignee: nobody → mbanner
I believe this is just because the attachments are multipart/related and because they are designed to be shown inline, then we don't actually show them in the case of text-only.

David should be able to confirm this though.
Assignee: mbanner → dbienvenu
(In reply to Mark Banner (:standard8) from comment #3)
> I believe this is just because the attachments are multipart/related and
> because they are designed to be shown inline, then we don't actually show
> them in the case of text-only.
> 
> David should be able to confirm this though.

If it is this is a dup.
yeah, I think that sounds right. cc'ing Jonathan, though, to be sure.
>>>then we don't actually show them in the case of text-only.<<<

Then what work around is their other than turning on HTML?  For security reasons I'd prefer not to have to do that.

Isn't there a way to just show a link or a separate window with a right-click saveable. At present, there's no way to view the image attached.
This isn't exactly a dupe of bug 674473. That bug is about "invisible" attachments. This bug is about someone wanting to be able to view inline attachments when a message is being displayed in plain-text mode instead of HTML mode.

I'd argue that in fact there's no bug here at all. The inline image is intended to be displayed inline with the HTML. If you're displaying plain-text instead of HTML, then the inline image is not, according to the format of the email, intended to be displayed.

Nevertheless, we provide a way to access it. You can use https://addons.mozilla.org/en-US/thunderbird/addon/show-all-body-parts/, which is compatible with TB 8.0 or later.

In short, this isn't exactly the same as the other open bugs, and I actually don't think it's a bug, but I'll leave the final determination of that to others.
I downloaded and tried to install that addon, but it's not compatible with my currently installed v6.0.2 Japanese version which is the latest version available.

So how does one get TB v8.0?
As I said above, Show All Body Parts is only compatible with TB 8.0 or later, since the core TB functionality on which it relies was only introduced in TB 8.0.
As for how to get TB 8.0, you can either download and run a nightly build (http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/), or wait until 7.0 is released and the beta channel becomes 8.0, and then download and run the beta build (http://www.mozilla.org/en-US/thunderbird/all-beta.html).
Group: core-security
Walter can you update us on happenings with current version?
Whiteboard: [closeme 2012-04-25]
Resolved per whiteboard
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2012-04-25]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: