JVN#FCAD9BD8

Inappropriate interpretation of mailto URL scheme by mail client software

Overview

The mailto URL scheme is used to designate the Internet email address on a web page. Specifying an email address and body text using the mailto URL scheme gives a template for a mail message. Many mail clients have a function to set a field specified by the mailto URL scheme in a mail header.

RFC2368 defining the mailto URL scheme points out the followings in its Security Considerations section.

• A mail client should never send anything without complete disclosure to the user of the full message created based on descriptions of the mailto URL scheme
• It should explicitly display any headers along with the message destination.
• It is inappropriate to set a header related to mail delivery based on descriptions of the mailto URL scheme

However, some mail clients set the header related to mail delivery based on descriptions of the mailto URL scheme or do not explicitly display the full header.

We published this issue on JVN in coordination with developers, to publicize the issue to users and mail client developers.

Products Affected

• Mail clients interpreting the mailto URL scheme

Description

Impact

An email message may be sent to recipients to whom the user does not intend to send it.

Solution

Vendor Status

References

1. IETF
   RFC2368: The mailto URL scheme

JPCERT/CC Addendum

Credit

Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

Update History