oss-sec mailing list archives
Re: PGP/MIME and S/MIME mail clients vulnerabilities
From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 14 May 2018 10:29:52 +0200
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html has more details:
"[...] HTML is used as a back channel to create an oracle for modified encrypted mails. It is long known that HTML mails and in particular external links like <img href="tla.org/TAG"/> are evil if the MUA actually honors them (which many meanwhile seem to do again; see all these newsletters). Due to broken MIME parsers a bunch of MUAs seem to concatenate decrypted HTML mime parts which makes it easy to plant such HTML snippets."
-- Jakub Wilk
Current thread:
- PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Jakub Wilk (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Christian Brabandt (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Matthew Fernandez (May 16)