forwarded 429052 https://bugzilla.mozilla.org/show_bug.cgi?id=230606
fixed 429052 3.0-1
thanks

* Florian Weimer ([EMAIL PROTECTED]) wrote:
> * Eric Dorland:
> 
> > severity 429052 important
> > thanks
> >
> > Since upstream does not consider this a critical bug, I don't think we
> > should either. Some sort of warning to the user would be good though,
> > I agree. I could take iceweasel out of mailcap, but this might annoy
> > more than this exploit is a threat. A stripping script would work I
> > suppose, but would probably be surprising to the user. 
> 
> Can't this be used to read SSH keys if the path to the home directory
> can be guessed?
> 
> And there's at least one mail client that can be tricked into opening
> HTML attachments without user interaction. 8-(

This has been fixed upstream.

-- 
Eric Dorland <[EMAIL PROTECTED]>
ICQ: #61138586, Jabber: [EMAIL PROTECTED]

Attachment: signature.asc
Description: Digital signature

Reply via email to