Javier
2018-05-21 00:12:53 UTC
On Sun, 20 May 2018 09:09:17 +0900
Hi,
Have in mind that, beyond the basic HTML parsing, Sylpheed doesn't
download/request external resources, that is where the Efail
relies to for the successful attack. As when the external resource is
requested, with the malformed HTML, is sent also the content of the
mail.
That AFAIK, can't happen to Sylpheed. Even doesn't use S/MIME (even
though OpenPGP is kind of MIME).
The Efail, beyond the media noise, is the old recommendation:
beware with HTML mails and external resources on it.
Plain text forever. No need of fancy.
Regards.
Since Sylpheed and Claws share many similarities, and since parsing of
HTML emails in Sylpheed is intentionally basic, is it safe to assume
that Sylpheed is not vulnerable to Efail?
Yes.HTML emails in Sylpheed is intentionally basic, is it safe to assume
that Sylpheed is not vulnerable to Efail?
Hi,
Have in mind that, beyond the basic HTML parsing, Sylpheed doesn't
download/request external resources, that is where the Efail
relies to for the successful attack. As when the external resource is
requested, with the malformed HTML, is sent also the content of the
mail.
That AFAIK, can't happen to Sylpheed. Even doesn't use S/MIME (even
though OpenPGP is kind of MIME).
The Efail, beyond the media noise, is the old recommendation:
beware with HTML mails and external resources on it.
Plain text forever. No need of fancy.
Regards.