fix for bug #176016

Sending an email can reveal the name of the profile directory secret .slt name
r/sr=bienveu

mailnews/compose/resources/content/MsgComposeCommands.js

@@ -2151,6 +2151,20 @@ function AddAttachment(attachment)
 
     if (!attachment.name)
       attachment.name = gMsgCompose.AttachmentPrettyName(attachment.url);
+
+    // for security reasons, don't allow *-message:// uris to leak out
+    // we don't want to reveal the .slt path (for mailbox://), or the username or hostname
+    var messagePrefix = /^mailbox-message:|^imap-message:|^news-message:/i;
+    if (messagePrefix.test(attachment.name))
+      attachment.name = sComposeMsgsBundle.getString("messageAttachmentSafeName");
+    else {
+      // for security reasons, don't allow mail protocol uris to leak out
+      // we don't want to reveal the .slt path (for mailbox://), or the username or hostname
+      var mailProtocol = /^mailbox:|^imap:|^s?news:/i;
+      if (mailProtocol.test(attachment.name))
+        attachment.name = sComposeMsgsBundle.getString("partAttachmentSafeName");
+    }
+
     item.setAttribute("label", attachment.name);    //use for display only
     item.attachment = attachment;   //full attachment object stored here
     try {

mailnews/compose/resources/locale/en-US/composeMsgs.properties

@@ -229,6 +229,11 @@ subjectDlogMessage=You did not specify a subject for this message. If you would
 attachPageDlogTitle=Please specify a location to attach
 attachPageDlogMessage=Web Page (URL):
 
+## String used for attachment pretty name, when attachment is a message
+messageAttachmentSafeName=Attached Message
+## String used for attachment pretty name, when attachment is message part
+partAttachmentSafeName=Attached Message Part
+
 ## String used by the Initialization Error dialog
 initErrorDlogTitle=Message Compose
 ## LOCALIZATION NOTE (initErrorDlogMessage): %1$s will be replaced by the error string.  do not translate \n