X-Forwarded-Message-ID/References headers expose information about S/MIME message

UNCONFIRMED
Unassigned

Status

Thunderbird
Security
UNCONFIRMED
5 years ago
5 months ago

People

(Reporter: René Puls, Unassigned)

Tracking

(Depends on: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0
Build ID: 20130511120803

Steps to reproduce:

There is an information leak when forwarding e-mails via S/MIME. It should be a minor issue in most cases, but could have serious consequences in others.

Scenario:

1. I receive an unencrypted e-mail.
2. I want to forward this e-mail as an encrypted S/MIME message to someone else.
3. I don't want a third party to know that I have forwarded the first message, so I change the subject (removing "Fwd: ...").


Actual results:

Thunderbird adds "References" and "X-Forwarded-Message-ID" headers to my encrypted message, containing the ID of the original message. The headers themselves are not encrypted.

First of all, a third party can clearly see which message I have forwarded (the original message was unencrypted, so its Message-ID is known). This may or may not have consequences for the person sending the message (think about a "whistleblower" scenario, for example).

Second, the third party now knows at least part of the content (the forwarded part) of my encrypted e-mail. They cannot read the text I have added, but this information alone might help in further attacks.

A similar problem exists when simply replying to an encrypted e-mail: The "References" header allows a third party to track which e-mail I have replied to.


Expected results:

From a secure-by-default point of view, Thunderbird should probably strip all "References" and "X-Forwarded-Message-ID" headers from outgoing encrypted e-mails. Other solutions would be to warn the user about the possible information leak, or to provide an advanced option to deactivate these headers for encrypted e-mails. (The optimal solution would be to somehow move this information inside the encrypted message part, but I'm not sure if that is technically possible.)

Comment 1

5 months ago
More generally, what you really need is the recipient to think that you are the original author of the message being forwarded.  bug 485593 would address that
Depends on: 485593
OS: Linux → All
Summary: X-Forwarded-Message-ID/References headers leak information about S/MIME message → X-Forwarded-Message-ID/References headers expose information about S/MIME message
You need to log in before you can comment on or make changes to this bug.