On 11/5/2013 9:45 PM, Claudio Freire wrote:
On Wed, Nov 6, 2013 at 1:13 AM, Linda Walsh
wrote: On 11/5/2013 7:44 PM, Claudio Freire wrote:
On Tue, Nov 5, 2013 at 11:09 PM, Linda Walsh
wrote: No -- I assert that HTML is markup on text -- it isn't scripting -- but it does the same thing that some reader do automatically.
That's oh-so-naive
---- Could you elaborate. I'm talking HTML with no includes and no scripts� i.e. the complete source in the text.
Google search, first try, first query that popped into my head.
----------- You should have looked a bit deeper... Nothing about an exploit, but you can find a similar list @: https://www.google.com/search?q=buffer+overflow+in+text+parser Or https://www.google.com/search?q=buffer+overflow+in+text+email Including buffer overflows in mutt -- a plaintext reader. or this is a goodie: CERT/CC Blog: *****Plain Text Email in Outlook Express************* www.cert.org/blogs/certcc/.../plain_text_email_in_outlook_ex.html - Cached - Similar Nov 13, 2009 ... Reading email messages in plain text seems like a reasonable thing to ... cursor stack buffer overflow vulnerability (VU#191609), I noticed that ... So far you helping me show more bugs in plain text emails that I would have guessed... fascinating...so maybe text emails are more of a security risk than HTML, due to people's implicit belief that plaintext emails can't contain such problems so there is less checking? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org