Abaphandi abavela kwiYunivesithi yaseRuhr eBochum, eJamani, yahlalutya indlela yokuziphatha kwabaxhasi be-imeyile xa iphatha "mailto:" amakhonkco ngeeparameter ezandisiweyo.
Apho abahlanu kubathengi abangamashumi amabini ye-imeyile ukuba bahlalutya babesengozini kuhlaselo lokuxhaphaza ngokwesivumelwano lwezixhobo usebenzisa i "attach" iparameter.
Abathengi abathandathu imeyile ngaphezulu zichaphazele i-PGP kunye ne-S / MIME kuhlaselo oluphambili lokutshintsha, kwaye abathengi abathathu babesengozini kuhlaselo lokufumana umxholo wemiyalezo ebhaliweyo.
"I-mailto:" amakhonkco asetyenziselwa ukwenza ukuba kuvulwe umxhasi weposi ukuze ubhale i-imeyile kumamkeli echazwe kwikhonkco. Ukongeza kwidilesi, njengenxalenye yekhonkco, ungachaza iiparameter ezongezelelweyo, ezinje ngomxholo wesifundo kunye netemplate yomxholo oqhelekileyo.
Uhlaselo olucetywayo sebenzisa "ukunamathisela" ipharamitha yokuncamathisela ifayile kwi-imeyile evelisiweyo.
Kubathengi be-imeyile abahlalutyiweyo, oku kulandelayo kuchaziwe:
Abaxhasi bemeyile I-Thunderbird, i-GNOME Evolution (I-CVE-2020-11879), KMail ye KDE (I-CVE-2020-11880), Amanqaku e-IBM / HCL (I-CVE-2020-4089) kunye ne-Pegasus Mail babebuthathaka uhlaselo olungenamsebenzi iqhoboshele ngokuzenzekelayo nayiphi na ifayile yendawo echaziweyo Ngekhonkco njenge "mailto :? attach = path_to_file".
Ifayile iqhotyoshelwe ngaphandle kwesaziso sangaphambili, ke ngoko, ngaphandle koxinzelelo olukhethekileyo, umsebenzisi akanakuqaphela ukuba ngeposi iya kuthunyelwa kunye nesinamathiselo.
Esi siphoso sinokuxhatshazwa ngokulula, kuba ukufumana iifayile ezikhethekileyo zenkqubo, awudingi kwenza lukhulu, ngaphandle kokuchaza umendo. Umzekelo, inokusetyenziselwa ukufumana iipotifoliyo ze-cryptocurrency okanye kwiziko ledatha okanye into enomdla.
Ukongeza kwiifayile zasekhaya, abanye abathengi beenkqubo ze-imeyile badibanisa ukugcinwa kwenethiwekhi kunye neendlela ezikwiserver ye-IMAP.
Ngokukodwa Amanqaku e-IBM akuvumela ukuba udlulise ifayile ukusuka kulawulo lwenethiwekhi xa kulungiswa amakhonkco anje nge "attach = \\.com.com \ file", kunye nokunqanda i-NTLM yokuqinisekisa iiparameter ngokuthumela ikhonkco kwiseva elawulwa yi-SMB (isicelo siya kuthunyelwa kunye neeparameter zokungqinisisa zomsebenzisi).
Kwimeko ekhethekileyo ye I-Thunderbird, oku kuphatha ngempumelelo izicelo zokuncamathisela umxholo kwifolda kwiseva ye-IMAP.
Kwangelo xesha, imiyalezo ekhutshwe kwi-IMAP, ebhalwe ngokusebenzisa i-OpenPGP kunye ne-S / MIME, icaciswa ngokuzenzekelayo ngumxhasi weposi ngaphambi kokuba ayithumele.
Abaphuhlisi beThunderbird bazisiwe ngomcimbi ngoFebruwari kwaye umba ngoku ulungisiwe kwiThunderbird 78 (amasebe eThunderbird 52, 60, kunye nama-68 asesichengeni).
Iinguqulelo zangaphambili zeThunderbird zazikwasengozini kwezinye iindlela ezimbini zokuhlaselwa kwePGP kunye neS / MIME ecetywayo ngabaphandi.
Nangona iThunderbird isusile i-mailto:? Qhoboshela, kubonakala ngathi ikhona kunikezelo olusebenzisa i-xdg-imeyile ukubonisa i-URLs yeposi.
Ngokukodwa, iThunderbird, kunye I-OutLook, i-PostBox, i-eM Client, i-MailMate kunye ne-R2Mail2, zikwazile ukwenza uhlaselo oluphambili, kubangelwa yinto yokuba umxhasi weposi angenisa ngaphakathi ngokuzenzekelayo kwaye afakele izatifikethi ezintsha ezidluliselwe kwimilayezo ye-S / MIME, evumela umhlaseli ukuba alungelelanise indawo yezitshixo zikarhulumente esele zigcinwe ngumsebenzisi.
Uhlaselo lwesibini, apho babhenceka khona I-Thunderbird, i-PostBox kunye ne-MailMate, ubuqili beempawu zendlela yokulondolozwa ngokuzenzekelayo Uyilo lwemiyalezo kunye ikuvumela ukuba usebenzise iparametermeyokuqalisa ukubhalwa ngokufihlakeleyo kwemiyalezo ebhaliweyo okanye ukongeza isiginitsha yedijithali yemiyalezo engenakuphikiswa, kunye nokudluliselwa kwesiphumo kwiserver ye-IMAP yomhlaseli.
Kolu hlaselo, umbhalo wesicatshulwa ugqithiselwa kwiparameter "yomzimba" kwaye ithegi "yemeta yokuhlaziya" isetyenziselwa ukuqala umnxeba kwiseva ye-IMAP yomhlaseli.
Ukulungiswa ngokuzenzekelayo kwe "mailto:" amakhonkco ngaphandle kongenelelo lomsebenzisi, amaxwebhu e-PDF ayilwe ngokukodwa anokusetyenziswa: I-OpenAction kwiPDF ikuvumela ukuba uqalise ngokuzenzekelayo umqhubi weposi xa uvula uxwebhu.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo ngalo mbandela, unokuqhagamshelana nefayile yophando Kule khonkco ilandelayo.
malito: mishuevos@gmail.com? attatch = / njl / passwd ndithumele i-imeyile