forwarded 429052 https://bugzilla.mozilla.org/show_bug.cgi?id=230606 fixed 429052 3.0-1 thanks
* Florian Weimer ([EMAIL PROTECTED]) wrote: > * Eric Dorland: > > > severity 429052 important > > thanks > > > > Since upstream does not consider this a critical bug, I don't think we > > should either. Some sort of warning to the user would be good though, > > I agree. I could take iceweasel out of mailcap, but this might annoy > > more than this exploit is a threat. A stripping script would work I > > suppose, but would probably be surprising to the user. > > Can't this be used to read SSH keys if the path to the home directory > can be guessed? > > And there's at least one mail client that can be tricked into opening > HTML attachments without user interaction. 8-( This has been fixed upstream. -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED]
signature.asc
Description: Digital signature

