Showing results for 
Show  only  | Search instead for 
Did you mean: 
New member
Status: New idea

Dear Mozilla-Team, the past has shown that not all users are always aware of the risk by attachments.
A significant attack vector are wrong labeled attachments (file extension wrong).
You can still rename a virus.exe to readme.pdf and it is shown as PDF-Symbol in Thunderbird.
( yes you could find some addons, but most of thunderbird users do not have them - it needs to be buildin )
It would be easy to check for the magic-number (first 4 bytes) if it is matching the extension, at least for the top ten dangerous file types (e.g. EXE, PDF, ZIP, COM, BAT, CMD, MSI, etc) plus the most often used ones (e.g. JPG, MP3, etc). I dont suggest to implement the full linux "file" database, but to recognize the most important kinds. Any time the extension is misleading, it should be blocked or warning-fenced. Of course this sould be possible to disable in settings, but I cannot imagine a case where someone would be unhappy about this hint. Especially belong to the 99.99% of users that do not like virus-infections or ransomware on their computer. A tool that is intended to be used by everyone should concider everyone using it (and prevent dangerous "presents"). Sometimes its only a wrong click by someone being in a hurry...

Thanks for reading.

Status changed to: New idea
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Familiar face

Just to see what would happen, I renamed an image file,  that would normally open in photos to a PDF.  Then I attached and emails it to myself.  This is what I got when I tried to open it.


I am sure it will have exactly the same issue with anything not a PDF.

So because I was on a role,  I tried renaming an EXE as an image and sending it thorough Google.  This was the result


so I tried opening the attachment from my draft and got the following.


So I can't send the EXE,  if it arrives as an image photos can't open it.

I think the truth is windows has largely closed that gap in their launch methodologies, since windows XP and as Thunderbird uses media types to identify the application to launch the attachment it becomes even more problematical.

I can see how having Thunderbird examine the content when attaching to determine the media type, instead of relying on the host system to identify the media type, would be a good idea.  But I doubt there are significant security issues in not doing so.



New member

A list of magic numbers for file headers can be found here:

Linux/Posix "#!" scripts and elf executables "ELFMAG" should be included. Windows default scripts (.bat + .cmd) have no magic number (and could be ignored in the first implementation).

The comparision should be bi-directional, meaning:  e.g. a .pdf file without "%PDF-" or a file with "%PDF-" but another extension as .PDF or .pdf should be concidered strange/dangerous.

New member

Hi MattAuSupport,

the decision to block .exe files depends on mail-server not Thunderbird, and depends on you mail-provider or admin your company/organization, and therefore depends on random luck.

The Adobe-Reader-message depends on the tool you use to open the file, which in windows only depends on the file extension, and later on the individual implementation of whatever tool you decided to handle such files. Th consequences are somehow again random luck.

If you get an executable file (.exe, .elf, .bash, etc) and your mailserver did not block it (I think only exe is often blocked) then it would be started in e.g. windows using the start.exe (windows internal) to decide what to do and would send it (without further question) to another tool (tool=OS in case of windows got .exe).

Regards, Alexander

New member


Windows 10 + Thunderbird 115.6.0 (up to date) present the wrong file (orginally a pdf) as zip (by extension), not by "media types" as you suggest. At least the misleading symbol could cause someone to be misleaded.