[horde] Horde mishandling Amazon.com mails
tomalciere at tomalciere.com
Thu Oct 27 22:09:02 UTC 2011
I attach an email from Amazon.com which is not too personal.
The code defeats Horde, because the code says
html
head
BASE href="http://www.amazon.com/"
(I removed the angle brackets for good transmission.)
This makes the Horde links in Firefox, such as MESSAGE SOURCE and REPLY, point
to non-existent places under the www.amazon.com domain.
A criminal could exploit this to make it harder for recipients to obtain the
source code of a phishing email.
Tom Alciere
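
Added example, not part of the original post and not Horde's own code: a Python sketch of the behaviour reported above and of one mitigation, dropping BASE elements from HTML mail before it is inlined into the webmail page. The webmail URL, the action link and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample: the head quoted in the post, with angle brackets restored.
SAMPLE_MAIL = ('<html><head><BASE href="http://www.amazon.com/"></head>'
               '<body><a href="orders">Your orders</a></body></html>')
# Hypothetical webmail page URL and relative action link (not Horde's real paths).
WEBMAIL_PAGE = "https://webmail.example.org/imp/message.php?uid=42"
SOURCE_LINK = "view.php?actionID=view_source&uid=42"


class _BaseStripper(HTMLParser):
    """Re-emit the markup unchanged except that <base> elements are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.base_href = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "base":  # tag names arrive lowercased, so <BASE> matches
            self.base_href = self.base_href or dict(attrs).get("href")
            return
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # covers <base ... /> and <br/>

    def handle_endtag(self, tag):
        if tag != "base":
            self.out.append(f"</{tag}>")

    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")


def strip_base(mail_html):
    """Return (markup without <base>, first base href found or None)."""
    parser = _BaseStripper()
    parser.feed(mail_html)
    parser.close()
    return "".join(parser.out), parser.base_href


def browser_target(page_url, link, inlined_mail_html):
    """URL a relative webmail link resolves to when the mail is inlined in the page."""
    _, base = strip_base(inlined_mail_html)
    return urljoin(urljoin(page_url, base) if base else page_url, link)
```

Once the element is dropped, the mail's own relative links lose their base; resolving them against the returned base href before rendering keeps them working.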