[horde] PGP vulnerability
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Mon May 14 12:27:47 UTC 2018
Zitat von Ole Wolf <wolf at blazingangles.com>:
> Quoting Arjen de Korte <build+horde at de-korte.org>:
>
>> Regarding below warning from the EFF:
>>
>> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
>> Based on the limited information available today, I assume this has
>> something to do with a crafted message that somehow discloses the
>> private key to an attacker. Does anybody know if besides the
>> plugins mentioned in this article, other applications (Horde for
>> instance) are affected as well?
>
> It appears to be an email client vulnerability where inlined HTML
> causes code (I assume JavaScript) to be executed; this code
> reportedly makes the email client send a cleartext message back if
> the email client parses and displays remote HTML. If so, turning off
> the option to display remote HTML code should suffice.
From what i have read you simply arrange the MIME parts so the URL
called for external content contains decrypted text. No Javascript
needed, but still a client error even without encryption.
More information about the horde
mailing list