Re: Netscape mail reader oddity

["Chris A. Mattingly" <chris.mattingly () INTERPATH NET>]

There's a hidden button in the top right area of the
message display to "show attachments".  Sometimes it
shows in mine, sometimes it doesn't.

I think it depends on how the sender attached the
attachment.

That's what causes it for me anyways. :)

-Chris

Mikael Olsson wrote:
> Hi,
>
> I've seen something _really_ weird with the netscape mail reader,
> and I wonder if anyone else has seen it.
>
> A couple of times, I've managed to completely alter the message
> display in the mail reader, by clicking around and selecting
> text in the message (I do this all the time when I read
> texts, don't ask me why).
>
> All of a sudden, the message display changed to something that...
> Well, I don't really know. It looked like the old Internet
> Mail&News display, with the text covering the top 80% of the
> message display, and a list of icons for the attachments at
> the bottom 20%, in its own frame. (By the way, I only have
> IE3 installed on my computers; I never use IE so I haven't
> bothered to upgrade, for several reasons).
>
> Either there is a feature in Netscape that I don't know of,
> but the more likely explanation is that all of a sudden, netscape
> decided to hand the mime message over to the Windows OLE host or
> something like that, which ended up displaying it in Internet
> Mail&News instead.
>
> Now, why I am posting this to vuln-dev?
>
> At least in my case, there is a huge difference in how mail
> is handled by my netscape installation and "internet mail&news".
> I've got all javascript and java turned off in netscape. This
> is not the case in "internet mail&news".
>
> Could it be possible to remotely cause this to happen?
> I don't know.
> If it is, I'd likely find myself in a heap of problems unless
> I disable everything in explorer (which I now have done).
> All of a sudden, all javascript and java embedded fun would
> work just as it did a couple of years ago. Ouch.
>
> (No, do NOT advise me to install IE4/5 to get the security
> zones. I do NOT want a file handler that doesn't know how
> to differentiate between the www and my local drives.)
>
> Uhm.. Well, that's it, really. I don't really expect anyone
> to dive head-first into a full-out investigation, but
> if anyone's seen or heard anything about this, I for one
> would be interested in hearing about it.
>
> --
> Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
> Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
> Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
> WWW: http://www.enternet.se/       E-mail: mikael.olsson () enternet se

Attachment: chris.mattingly.vcf
Description: Card for Chris A. Mattingly