diff options
-rw-r--r-- | mail/ChangeLog | 7 | ||||
-rw-r--r-- | mail/mail-display.c | 5 |
2 files changed, 12 insertions, 0 deletions
diff --git a/mail/ChangeLog b/mail/ChangeLog index 7b553f817e..a8be5524cc 100644 --- a/mail/ChangeLog +++ b/mail/ChangeLog @@ -2,6 +2,13 @@ Security vulnerability fixes. + * mail-display.c (do_external_viewer): Make sure that we don't + launch a bonobo control to view a mime-type that we handle + internally, otherwise maliciously formed HTML mail using <object> + tags could potentially launch a bonobo vontrol to view the mime + part bypassing any checks that Evolution might do on the data + normally. + * mail-format.c (handle_text_html, attachment_header) (handle_image, handle_via_bonobo): Encode the result from get_cid() so that malicious Content-Id strings cannot bypass the diff --git a/mail/mail-display.c b/mail/mail-display.c index 83387bde92..955de714ea 100644 --- a/mail/mail-display.c +++ b/mail/mail-display.c @@ -1081,6 +1081,11 @@ do_external_viewer (GtkHTML *html, GtkHTMLEmbedded *eb, CORBA_Environment ev; CamelStreamMem *cstream; BonoboStream *bstream; + MailMimeHandler *handler; + + handler = mail_lookup_handler (eb->type); + if (!handler || handler->builtin) + return FALSE; component = gnome_vfs_mime_get_default_component (eb->type); if (!component) |