[horde] PGP vulnerability
Ole Wolf
wolf at blazingangles.com
Mon May 14 12:18:10 UTC 2018
Quoting Arjen de Korte <build+horde at de-korte.org>:
> Regarding below warning from the EFF:
>
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> Based on the limited information available today, I assume this has
> something to do with a crafted message that somehow discloses the
> private key to an attacker. Does anybody know if besides the plugins
> mentioned in this article, other applications (Horde for instance)
> are affected as well?
It appears to be an email client vulnerability where inlined HTML
causes code (I assume JavaScript) to be executed; this code reportedly
makes the email client send a cleartext message back if the email
client parses and displays remote HTML. If so, turning off the option
to display remote HTML code should suffice.
Ole Wolf
Gl. Kongevej 105 • 8643 Ans By
Telefon: 2467-5526 • Skype: ole.wolf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 6645 bytes
Desc: Offentlig PGP n?gle
URL: <https://lists.horde.org/archives/horde/attachments/20180514/2f49a48c/attachment.bin>
More information about the horde
mailing list