Open Bug 872469 Opened 11 years ago Updated 2 years ago

X-Forwarded-Message-ID/References headers expose information about S/MIME message

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86_64
All
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: rpuls, Unassigned)

References

(Depends on 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0
Build ID: 20130511120803

Steps to reproduce:

There is an information leak when forwarding e-mails via S/MIME. It should be a minor issue in most cases, but could have serious consequences in others.

Scenario:

1. I receive an unencrypted e-mail.
2. I want to forward this e-mail as an encrypted S/MIME message to someone else.
3. I don't want a third party to know that I have forwarded the first message, so I change the subject (removing "Fwd: ...").


Actual results:

Thunderbird adds "References" and "X-Forwarded-Message-ID" headers to my encrypted message, containing the ID of the original message. The headers themselves are not encrypted.

First of all, a third party can clearly see which message I have forwarded (the original message was unencrypted, so its Message-ID is known). This may or may not have consequences for the person sending the message (think about a "whistleblower" scenario, for example).

Second, the third party now knows at least part of the content (the forwarded part) of my encrypted e-mail. They cannot read the text I have added, but this information alone might help in further attacks.

A similar problem exists when simply replying to an encrypted e-mail: The "References" header allows a third party to track which e-mail I have replied to.


Expected results:

From a secure-by-default point of view, Thunderbird should probably strip all "References" and "X-Forwarded-Message-ID" headers from outgoing encrypted e-mails. Other solutions would be to warn the user about the possible information leak, or to provide an advanced option to deactivate these headers for encrypted e-mails. (The optimal solution would be to somehow move this information inside the encrypted message part, but I'm not sure if that is technically possible.)
More generally, what you really need is the recipient to think that you are the original author of the message being forwarded.  bug 485593 would address that
Depends on: 485593
OS: Linux → All
Summary: X-Forwarded-Message-ID/References headers leak information about S/MIME message → X-Forwarded-Message-ID/References headers expose information about S/MIME message
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.