CVE-2022-4055: xdg-email does not parse mailto uris properly for thunderbird (#205) · Issues · xdg / xdg-utils · GitLab

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.


When using thunderbird as mailto handler, xdg-email translates mailto URIs into a 'thunderbird -compose' argument. While to, cc and bcc values are properly enclosed in single quotes, this is not the case for subject or body. This breaks functionality and allows using all thunderbird -compose arguments within a mailto URI, e.g.

xdg-email 'mailto:[email protected]?subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt'

translates into

thunderbird -compose to='[email protected],',subject=Test,attachment=~/.thunderbird/profiles.ini,message=/home/test/test.txt

with working attachment and message. (And, yes, ~ expands to the home directory.)

This is different from Issue 177 where the handling of attachments is intended. Here it is not.
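The translation step the issue describes, as an added example that is not xdg-utils code: a small mailto parser, a builder that mirrors the pre-fix behaviour (recipients quoted, subject/body pasted raw), and a hardened builder that quotes every field and drops headers xdg-email has no reason to forward. It assumes Thunderbird reads -compose as comma-separated name=value fields where a single-quoted value may contain commas and has no escape for an embedded single quote; the sample URI is constructed after the one in the report.

```python
import re
from urllib.parse import unquote

FORWARDED = ("to", "cc", "bcc", "subject", "body")  # headers xdg-email should pass on
RECIPIENTS = ("to", "cc", "bcc")                     # fields the script already quoted

def parse_mailto(uri):
    """Split a mailto URI into (header, value) pairs, percent-decoded."""
    if not uri.lower().startswith("mailto:"):
        raise ValueError("not a mailto URI")
    addr, _, query = uri[len("mailto:"):].partition("?")
    pairs = [("to", unquote(addr))] if addr else []
    for item in filter(None, query.split("&")):
        key, _, value = item.partition("=")
        pairs.append((unquote(key).lower(), unquote(value)))
    return pairs

def compose_arg_unsafe(pairs):
    """Mirror of the reported behaviour: recipients quoted, subject/body raw."""
    parts = []
    for key, value in pairs:
        if key in RECIPIENTS:
            parts.append("%s='%s,'" % (key, value))
        elif key in FORWARDED:
            parts.append("%s=%s" % (key, value))   # commas here become new fields
    return ",".join(parts)

def compose_arg_safe(pairs):
    """Quote every forwarded field; ignore other headers; refuse embedded quotes."""
    parts = []
    for key, value in pairs:
        if key not in FORWARDED:
            continue  # e.g. an 'attachment' header never reaches Thunderbird
        if "'" in value:  # assumption: no escape exists inside a quoted value
            raise ValueError("single quote in %s cannot be quoted safely" % key)
        parts.append("%s='%s'" % (key, value))
    return ",".join(parts)

def thunderbird_fields(arg):
    """Field names Thunderbird would see in a -compose string (same grammar)."""
    return re.findall(r"(?:^|,)(\w+)=(?:'[^']*'|[^,]*)", arg)

# Constructed sample modelled on the report's URI.
SAMPLE = ("mailto:user@example.org?subject=Test,attachment=~/.thunderbird/"
          "profiles.ini,message=/home/test/test.txt")
```

Running `thunderbird_fields(compose_arg_unsafe(parse_mailto(SAMPLE)))` yields four fields, including attachment and message, while the safe builder yields only to and subject.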
