Menu

#995 Inline displayed attachments not decrypted

invalid
nobody
inline (1) decrypt (1)
2.0.11
Minor
60.7.0
2.2.4
Linux
---
nobody
2019-06-20
2019-06-20
Giedrius Liubavičius
No

Enigmail stopped decrypting .asc attached files that are displayed INLINE

Debug log attached

1 Attachments
enigmail log

Discussion

  • Patrick Brunschwig

    Patrick Brunschwig - 2019-06-20
    • status: open --> invalid
     

  • Patrick Brunschwig

    Patrick Brunschwig - 2019-06-20

    That's correct - Enigmail does not do that anymore because this may be abused for trinking you into revealing sensitive information. See bugs [#983] and [#984] for details.

    You have to use the context menu > Decrypt & Open to decrypt the attachment.

     

    Related

    Bugs: #983
    Bugs: #984

  • Giedrius Liubavičius

    Giedrius Liubavičius - 2019-06-20

    As I understand it abuse is only possible if attachment of **Content-Disposition: INLINE ** is decrypted and thus displayed on reply. Not really a case here.

    In my case - not hidden/wrapped real attachment (Content-Disposition: attachment, mime type Content-Type: application/octet-stream and not used from body part).

    It is displayed inline just because of Thunderbirds' setting to show displayable attachments (plaintext, photos) inline with notable separation from email body.

    I suggest to add an exception or maybe extra option to decrypt attachments when:
    1) mail.inline_attachments=true
    2) attachment is not part of the body (content-disposition: attachment)

     

    • Patrick Brunschwig

      Patrick Brunschwig - 2019-06-21

      I fully understand what you would like to have. But attachments are displayed in the same HTML document as the message body. Thus everything that applies to the message text also applies to attachments. It is therefore impossible to safely decrypt and display attachments inline in Thunderbird.

       

Log in to post a comment.

MongoDB Logo MongoDB