https://bugs.documentfoundation.org/show_bug.cgi?id=138715
--- Comment #32 from Alex Thurgood <[email protected]> --- Further to comment 31, on macOS Ventura 13.0.1 (aarch64), I can report that it is possible to use the Xerial JDBC driver to setup a JDBC connection to create an ODB file that accesses a Thunderbird sqlite address book. Problems to be resolved 1) The sqlite file is locked against reading data from it if Thunderbird is running. This is true also when using sqlite CLI from the terminal. Apparently, the only way to retrieve the data from the file is to shutdown Thunderbird. 2) Thunderbird stores literally a gazillion different sqlite databases in the profile directory, e.g. /Users/alex/Library/Thunderbird/Profiles/xxxxxxxxx.default with a number of versions (v1,v2,v3, etc) for each one. Which one is the user supposed to choose ? I had to go through several before I found one that contained any useful data. This is not something that normal users will understand or be able to comprehend, as it involves navigating through a hidden folder (Library) and seeking out an appropriate abook sqlite file from the list of files in that folder. 3) The sqlite database appears to comprise 3 tables : list_cards : list (TEXT) PRIMARY KEY; card (TEXT) PRIMARY KEY lists : uuid (TEXT) PRIMARY KEY; localId (INT); name (TEXT); nickName (TEXT); description (TEXT) properties : card (TEXT); name (TEXT); value (TEXT) I found some kind of exploitable data in the "properties" table. However, the data is not organised in an obviously exploitable way, for example: the "card" field contains what appears to be a unique character string value (hex?) for any given contact; the "name" field contains the names of the fields that are found in the address book, each address book field name having its own separate tuple - for example, "DisplayName", "PreferMailFormat","CellularNumber", "PrimaryEmail", "LastModifiedDate", etc; the "value" contains the character string, or value, that corresponds to the field name of the address book having the assigned card index value. Presumably, Thunderbird manages to tie all of these tables together in some way internally, so that the user is presented with a homogenous experience. A basic simple table access to any given abook.sqlite via LO wouldn't do this, and would be difficult to exploit without the added nuts and bolts code to make things useful. -- You are receiving this mail because: You are the assignee for the bug.
