id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
1487895,Content checks for inline attachments,thomasb,,"Contents of attachments (such as pictures) which are embedded in HTML (multipart/related) messages should be checked before sending them to the client.

Internet Explorer executes JavaScript code within images (!) if <script>... exists in the content. It entirely ignores MIME type headers and does content sniffing instead.

This is an XSS vulnerability which exists when using Internet Explorer and is an attack that takes advantage of a bug which exists in the web browser.

Reproduction Procedure:

Disguise HTML which contains a SCRIPT tag as a picture file (.jpg, .gif, etc.) or create a picture file that contains a SCRIPT tag and attach it. Send this email, and when this attachment is opened/viewed, the JavaScript is executed.
",Bugs,closed,3,0.7-stable,Security,git-master,major,fixed,,
