@dikiy-evrej I don't think that the recent change was in Thunderbird. The recent change here was to drop the attach= parameter from the mailto URL passed to Thunderbird, so that if you click a malicious mailto link in e.g. Chrome, it can't trick you into sending arbitrary files.
Problem was that xdg-email parses its command line arguments - supplied by e.g. simple-scan - and converts them to a mailto URL with attach= parameter - which it then drops before calling TB. My hack in the simple-scan bug above is to only drop the attach parameter if the caller is Chrome or Chromium as those are the browsers used in my environment, but a better fix is required... -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xdg-utils in Ubuntu. https://bugs.launchpad.net/bugs/1909941 Title: xdg-email changes break simple-scan email functionality Status in xdg-utils package in Ubuntu: Confirmed Bug description: Observed on 16.04 to 20.04 xdg-email no longer actions "-attach filename" arguments when running thunderbird following recent security fixes to protect against malicious use from browser ( https://security-tracker.debian.org/tracker/CVE-2020-27748 and https://ubuntu.com/security/CVE-2020-27748 ) This breaks simple-scan "send by email" functionality and other applications too. https://gitlab.gnome.org/GNOME/simple-scan/-/issues/216 https://forums.linuxmint.com/viewtopic.php?f=208&t=336053 https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/28 (see comments) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xdg-utils/+bug/1909941/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
