Open
Bug 872469
Opened 11 years ago
Updated 2 years ago
X-Forwarded-Message-ID/References headers expose information about S/MIME message
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: rpuls, Unassigned)
References
(Depends on 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0
Build ID: 20130511120803

Steps to reproduce:

There is an information leak when forwarding e-mails via S/MIME. It should be a minor issue in most cases, but could have serious consequences in others.

Scenario:
1. I receive an unencrypted e-mail.
2. I want to forward this e-mail as an encrypted S/MIME message to someone else.
3. I don't want a third party to know that I have forwarded the first message, so I change the subject (removing "Fwd: ...").

Actual results:

Thunderbird adds "References" and "X-Forwarded-Message-ID" headers to my encrypted message, containing the ID of the original message. The headers themselves are not encrypted.

First of all, a third party can clearly see which message I have forwarded (the original message was unencrypted, so its Message-ID is known). This may or may not have consequences for the person sending the message (think about a "whistleblower" scenario, for example).

Second, the third party now knows at least part of the content (the forwarded part) of my encrypted e-mail. They cannot read the text I have added, but this information alone might help in further attacks.

A similar problem exists when simply replying to an encrypted e-mail: The "References" header allows a third party to track which e-mail I have replied to.

Expected results:

From a secure-by-default point of view, Thunderbird should probably strip all "References" and "X-Forwarded-Message-ID" headers from outgoing encrypted e-mails. Other solutions would be to warn the user about the possible information leak, or to provide an advanced option to deactivate these headers for encrypted e-mails.

(The optimal solution would be to somehow move this information inside the encrypted message part, but I'm not sure if that is technically possible.)
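The following check is an added example, not part of the original report and not Thunderbird code: it flags an S/MIME encrypted message whose cleartext headers still carry other messages' IDs, and strips them as the report's expected result proposes. The function names, the sample message and the inclusion of In-Reply-To are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Headers named in the report. In-Reply-To is not mentioned there; it is
# included as an assumption because it carries the same Message-ID reference.
LINKING_HEADERS = ("References", "X-Forwarded-Message-ID", "In-Reply-To")
ENCRYPTED_TYPES = ("enveloped-data", "authenveloped-data")  # RFC 8551 smime-type
# Constructed sample: an encrypted forward with cleartext linking headers.
SAMPLE = """\
From: alice@example.org
Subject: notes
Message-ID: <constructed-2@example.org>
References: <constructed-1@example.net>
X-Forwarded-Message-ID: <constructed-1@example.net>
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

def is_smime_encrypted(msg: Message) -> bool:
    """True if the top-level body is an S/MIME encrypted (enveloped) part."""
    if msg.get_content_type() not in ("application/pkcs7-mime",
                                      "application/x-pkcs7-mime"):
        return False
    return str(msg.get_param("smime-type", "")).lower() in ENCRYPTED_TYPES

def exposed_message_ids(raw: str) -> dict:
    """Map each cleartext linking header to the Message-IDs it reveals."""
    msg = message_from_string(raw)
    if not is_smime_encrypted(msg):
        return {}
    found = {}
    for name in LINKING_HEADERS:
        ids = [i for v in msg.get_all(name, [])
               for i in re.findall(r"<[^<>\s]+>", str(v))]
        if ids:
            found[name] = ids
    return found

def strip_linking_headers(raw: str) -> str:
    """Drop the linking headers from an encrypted message; leave others alone."""
    msg = message_from_string(raw)
    if is_smime_encrypted(msg):
        for name in LINKING_HEADERS:
            del msg[name]
    return msg.as_string()
```

Because these headers sit outside the encrypted part, removing them does not touch the S/MIME body; the message's own Message-ID is left in place.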
Comment 1•6 years ago
More generally, what you really need is the recipient to think that you are the original author of the message being forwarded. Bug 485593 would address that.
Depends on: 485593
OS: Linux → All
Summary: X-Forwarded-Message-ID/References headers leak information about S/MIME message → X-Forwarded-Message-ID/References headers expose information about S/MIME message
Updated•2 years ago
Severity: normal → S3