Some Email Clients Are Vulnerable To Attacks Via ‘mailto’ Links

A lesser-known technology known as “mailto” links can be abused to launch attacks on the users of email desktop clients. From a report: The new attacks can be used to secretly steal local files and have them emailed as attachments to attackers, according to a research paper published last week by academics from two German universities. The “vulnerability” at the heart of these attacks is how email clients implemented RFC6068 — the technical standard that describes the ‘mailto’ URI scheme. Mailto refers to a special type of link, usually supported by web browsers or email clients. When clicked, these links open a new email compose/reply window rather than a new web page (website). RFC6068 says that mailto links can support various parameters. When used with mailto links, these parameters will pre-fill the new email window with predefined content.
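As an added illustration (not code from the report, the paper, or any email client), here is how a client could parse a mailto link and pre-fill only an allow-listed set of parameters, dropping and reporting everything else. The allow-list, the function name `sanitize_mailto`, and the sample link are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote

# Policy assumed by this example: only these parameters may pre-fill the
# compose window. Any other parameter name is dropped and reported.
ALLOWED = {"to", "cc", "subject", "body"}

def _has_ctl(value):
    """True if a decoded value contains control characters (e.g. CR/LF)."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)

def sanitize_mailto(uri):
    """Return (fields, rejected) for a mailto URI.

    fields   -- allow-listed values that are safe to pre-fill
    rejected -- names of parameters that were dropped
    """
    parts = urlsplit(uri)
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto URI")
    fields = {"to": [], "cc": [], "subject": "", "body": ""}
    rejected = []
    # Recipients before '?' are a comma-separated address list.
    fields["to"] += [unquote(a) for a in parts.path.split(",") if a]
    for pair in parts.query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        name = unquote(name).lower()
        # unquote() leaves '+' literal; mailto is not form encoding.
        value = unquote(raw)
        if name not in ALLOWED:
            rejected.append(name)
        elif name != "body" and _has_ctl(value):
            # Single-line fields must not carry encoded line breaks.
            rejected.append(name)
        elif name in ("to", "cc"):
            fields[name] += [a for a in value.split(",") if a]
        else:
            fields[name] = value
    return fields, rejected

# Constructed sample link; "x-hypothetical-param" is a made-up parameter name.
SAMPLE = ("mailto:alice@example.org?subject=Q3%20report"
          "&body=Hi+there%0D%0Aline2&x-hypothetical-param=value"
          "&cc=bob@example.org")

if __name__ == "__main__":
    print(sanitize_mailto(SAMPLE))
```

A client using this approach would show the rejected names to the user or log them rather than silently acting on them.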


Source:
https://it.slashdot.org/story/20/08/20/177204/some-email-clients-are-vulnerable-to-attacks-via-mailto-links?utm_source=rss1.0mainlinkanon&utm_medium=feed