.arcconfig
author Ben Bucksch <ben.bucksch@beonex.com>
Mon, 21 May 2018 18:44:41 +0200
changeset 23964 96fab4a2b81189101231b12106823748c9a70a94
parent 23954 a9fc16e8d99b21aaf8078bc2e7b706439c2d4568
permissions -rw-r--r--
Bug 1419417 - Parse HTML to make sure that tags and attributes are properly closed. r=mkmelin,jorgk This fixes the efail <http://efail.de> security bug, which opens a HTML tag or attribute in an HTML MIME part, then puts in a PGP-encrypted part, and then another HTML part with the closing quote or tag. This could be e.g. <img src=' or <form><textarea>, CSS URL or similar features that send out the following text as URL and therefore leak it to the attacker who crafted the email. The PGP part will then be decrypted and leak. The bug was that we just passed HTML through verbatim. The frontend does not have any further precautions, either. The correct solution here is to jail each MIME part into a separate <iframe type="content"> in the UI. However, we don't want one scrollbar for each MIME part, but one scroll for the entire body. <iframe seamless> would allow that, but it was never implemented in Firefox and is now dead. We might later find a workaround, but this is more work and can't be done short term. The fix here in libmime first parses the HTML that we get in the HTML MIME part, and then immediately serialized it again. That ensures that the HTML document is complete, syntactically correct, and all tags and attributes are properly closed, before we start with the next MIME part.

{
  "phabricator.uri" : "https://phabricator.services.mozilla.com/",
  "repository.callsign": "COMMCENTRAL",
  "history.immutable": false
}