[Users] Efail: Claws Mail status
colin at colino.net
Thu May 17 10:16:52 CEST 2018
On Tue, 15 May 2018 08:47:55 +0300, Shai Berger <shai at platonix.com>
> The main vector for using the vulnerability is HTML mail, which Claws
> does not support by default. As far as I could see, there was no
> specific reference to the HTML plugins; as far as I understand, Claws
> with an HTML plugin (like Fancy) should get the same score as, e.g.
> KMail (that is, vulnerability can be abused but requires user
> interaction to do so).
From what I understand, the Efail attack works when the MUA
concatenates multiple HTML parts for display:
Even when using an HTML-rendering plugin like Fancy, Claws Mail only
displays one HTML part at a time and does not concatenate them.
Therefore I think it is completely safe. I'll ask the GnuPG people just
to make sure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Users