Open Bug 699047 Opened 14 years ago Updated 3 years ago

Replaying to Message with Attachments Can Generate Banned (executable) File Names

Categories

(MailNews Core :: Attachments, defect)

Product:
MailNews Core
Component:
Attachments
Platform:
x86
Windows XP
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: gsexton, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Build ID: 20110928134238 Steps to reproduce: We replied to a message that had a signature image in it. Here's the header for the attachment image: Content-Transfer-Encoding: base64 Content-ID: <sigimg1@17de55703a2cc1576a51cfa6681ad632> Content-Type: image/gif; name="sigimg1"; Content-Disposition: inline; filename="sigimg1"; Actual results: The reply re-generated a header for the image: --=_0c1a775dee57102c217e67350a62b1bc Content-Transfer-Encoding: base64 Content-ID: <part1.08000906.01010805@mhsoftware.com> Content-Type: image/gif; name="part1.08000906.01010805@mhsoftware.com"; Content-Disposition: inline; filename="part1.08000906.01010805@mhsoftware.com"; The problem here is that .com is a file extension for an MS-DOS executable. When the person replied to us, our mail server kicked back the message because the file extension is banned (.com). Expected results: The original file name should have been retained, or a file name that won't be mistaken for an executable should be used.
OS: Windows 7 → Windows XP
Hardware: x86_64 → x86
Component: General → Attachments
Product: Thunderbird → MailNews Core
QA Contact: general → attachments
Removing myslef on all the bugs I'm cced on. Please NI me if you need something on MailNews Core bugs from me.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.