Mailsploit: emails attacking mail software, **Vivaldi** affected ???
According to the article from Naked Security and the linked Google Document Vivaldi may be affected by this exploit.
Attacks typically exploit mail clients by including null characters (the \0 in the example above), newline characters, or a combination of the two, that causes the client to discard everything in the header that follows them.
I vaguely remember hearing about his previously but on a more limited selection of clients.
As described in the article, which I was not aware of, it also affects Webmail clients like Vivaldi but apparently not RoundCube which I was under impression was used by Vivaldi.
@gwen-dragon Quick Action, Many Thanks !!
I just asked once more in internal Vivaldi chat.
But i have not time to revisit as i am out of my home office now. Tomorrow i will give a feedback, i hope.
Morg42 last edited by Morg42
Just tested the Webmail with mailsploit.com - some (about half) of the 14 different mails actually show the faked sender. (#2, #2.1, #3, #3.1, #5, Mozilla-Thunderbird ≤ 52.5.0-like)
So maybe this can be brought to the dev's attention? (Should I file a bug report?)
According to gwen-dragon's response it has been forwarded to the devs and is being looked into. We will get an update tomorrow.
If we hear nothing then I would.
Morg42 last edited by
@greybeard I was just following up on her latest statement (no time to revisit) - maybe I misunderstood her ;)
I pinged for a investigation.