[Tickets #5892] Re: Linked attachment feature vulnerability
bugs at bugs.horde.org
bugs at bugs.horde.org
Fri Nov 16 04:43:59 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=5892
-----------------------------------------------------------------------
Ticket | 5892
Updated By | joao_mauricio at clix.pt
Summary | Linked attachment feature vulnerability
Queue | IMP
Version | 4.1.3
Type | Bug
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
joao_mauricio at clix.pt (2007-11-15 20:43) wrote:
I guess that won't do the job either... cause it doesn't matter the
extension you use, the jar: protocol will interpret it as if it was a jar
file... i think that the solution begins with "hiding" the original
attachment. Another google example (this time a good one :P):
http://mail.google.com/mail/?attid=0.1&disp=attd&view=att&th=1166689ac6fe384d
I'm not sure, but i think that what happens in this situation, is that an
internal script is run and then you have access to the desired attachment.
But not directly.
> Poster wrote back clarifying that this is an XSS issue
> (http://blog.beford.org/?p=8). I'm still not sure that this is a
> vulnerability that we can solve in IMP.
>
> To the poster: what is your suggested solution here? Any particular
> site can turn off linked attachments. But any application that hosts
> files is "vulnerable" to this. So what can an app do, aside from
> disallowing jar files?
More information about the bugs
mailing list