Roundcube Webmail: SVG feImage bypasses image blocking to track email opens


Roundcube's HTML sanitizer doesn't treat the `href` of an SVG `feImage` element as an image source, so attackers can use it to bypass remote image blocking and track email opens.
