Eudora 7
Contents
Technical Support
Force Eudora to display mail as text only
For any version of after Eudora 6.2 through 7.x you cannot completely disable HTML rendering of incoming messages in Eudora. Some code will still execute; for example, links will still appear as underlined text just like in a web page, rather than URLs in brackets. However, you can use settings that minimize the level of this execution, as follows:
- From the Tools menu, select Options.
- Under "Category:", select Display.
- Uncheck Automatically download HTML graphics and Show attachment images inline.
- Under "Category:", select Viewing Mail.
- On the right under "Message Window", uncheck Use Microsoft's viewer. Then, near the bottom of the Window, uncheck Allow executables in HTML content.
- If you also want to disable the sending of HTML formatted messages, then under "Category:" select Styled Text. On the right under "When sending mail with styled text (HTML):", select Send plain text only.
- Click OK.
Security Advisory GM#002-IE
Any application that hosts the WebBrowser control is affected since this exploit does not require Active Scripting or ActiveX. Some of these applications are:
- Qualcomm Eudora
- Microsoft Outlook
- Microsoft Outlook Express
An example is when an attacker knows the path to attached files.
Eudora is a popular email client; by default it uses the WebBrowser control for viewing email messages. However, it attempts to secure itself by filtering out elements such as <iframe>, <object>, <embed>, etc.
Eudora stores its attachments (by default) in "C:/Program Files/Qualcomm/Eudora/Attach", an attacker is likely to guess other paths to Eudora, such as different drive letters or similar minor changes.
To protect yourself:
Go to Tools -> Options -> Viewing Mail, uncheck "Use Microsoft's viewer"
Eudora Options for Safer Email Viewing in Microsoft Windows
Safe email viewing in Eudora is mostly a matter of setting a few options. Do this by selecting Tools, then Options, then the following Categories.
- Display and Fonts:
- Windows: Uncheck: Automatically download HTML graphics
- Viewing Mail
- Message Window box:
- Uncheck Use Microsoft's viewer (This is important.)
- Preview Pane box:
- Uncheck: Show message preview pane
- Uncheck: Automatically open next message (Note: You don't have to uncheck this if (1) you use antispam filtering and (2) you're careful about checking each mailbox's index list and delete all suspicious email messages before you begin reading them.)
- Uncheck: Allow executables in HTML content
- Message Window box:
- Extra Warnings:
- Warn me when I:
- Check: Launch a program from a message
- Check: Launch a program externally
- Warn me when I:
- Miscellaneous:
- Uncheck: Say OK to alerts after xx Second(s)
When you right click in a message and choose the option to "Send to Browser" and receieve an error message "Invalid menu handle" it is likely a problem with fire association.
One example: A system where the user wants to have Firefox open the message but the user also has Open Office installed, the Sun Microsystems Open Office program will screw up the file extension .HTM and cause this problem. (OpenOffice.Org 2.0)
In CONTROL PANEL, FOLDER OPTIONS, under the "File Types" tab locate the .HTM extension type.
If selecting Firefox causes it to revert to OpenOffice.Org 2.0 - FIX IN WINDOWS REGISTRY
KEY:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm
- Create a new text file and call it htmfix.reg
- Enter the following:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm] "Progid"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList] "a"="notepad.exe" "MRUList"="dhcagefb" "b"="iexplore.exe" "c"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids] "htmlfile"=hex(0): "FirefoxHTML"=hex(0):
3. Save the text file and then double click to add it to the registry