Previous 1 2 3 Next 72 Replies Latest reply: Apr 10, 2013 11:34 AM by Connie Mahan
Claas Hanken Level 1 Level 1

Why does Security Update 2012-004 for 10.6 kick out Mail 4.6 Plugins like GrowlMail 1.2.5?


MacBook Pro, Mac OS X (10.6)
Solved by roam on Sep 19, 2012 4:21 PM Solved
from http://support.apple.com/kb/HT5501"Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail." I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky. Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.
Reply by WZZZ on Sep 19, 2012 6:26 PM Helpful
Knock me over with a feather. The last thing I expected. The DL page shows 2.36MB and the .dmg in progress is showing 257MB.  Word of advice to anyone reading this: wait and see what turns up here before installing.There have been some pretty funky updates from time to time. Last winter one crashed all PPC/Rosetta applications.
Reply by lesse on Sep 20, 2012 2:48 AM Helpful
1. Close Mail2. If the plugin already got moved to “~/Library/Mail/Bundles (Disabled)/” move it back to “~/Library/Mail/Bundles/”3. Open Terminal4. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "064442B6-53C0-4A97-B71B-2F111AE4195B"5. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "588FF7D1-4310-4175-9980-145B7E975C02" and now GrowlMail 1.2.5 will work =)

All replies

  • roam Level 6 Level 6

    from http://support.apple.com/kb/HT5501

    "Impact: Viewing an e-mail message may lead to execution of web plugins

    Description: An input validation error existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third-party plug-ins in Mail."

     

    I don't pretend to understand the technical nature of the vulnerability, but simply read those Mail plug-ins could be risky.

     

    Isn't it great that Snow Leopard got a security update!!! A big THANK YOU Apple. Keep it going.

  • WZZZ Level 6 Level 6
    expertise.macosx
    Mac OS X

    Knock me over with a feather. The last thing I expected. The DL page shows 2.36MB and the .dmg in progress is showing 257MB.

     

    Word of advice to anyone reading this: wait and see what turns up here before installing.There have been some pretty funky updates from time to time. Last winter one crashed all PPC/Rosetta applications.

  • roam Level 6 Level 6

    I've installed it and all seems fine, so far so good. Rosetta working well. Fortunately, I don't have Mail plugins.

    I'm rapt this update gives Snow fresh legs. 

  • lesse Level 1 Level 1

    1. Close Mail

    2. If the plugin already got moved to “~/Library/Mail/Bundles (Disabled)/” move it back to “~/Library/Mail/Bundles/

    3. Open Terminal

    4. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "064442B6-53C0-4A97-B71B-2F111AE4195B"

    5. defaults write ~/Library/Mail/Bundles/GrowlMail.mailbundle/Contents/Info SupportedPluginCompatibilityUUIDs -array-add "588FF7D1-4310-4175-9980-145B7E975C02"

     

    and now GrowlMail 1.2.5 will work =)

  • jazzmosax Level 1 Level 1

    The bottom one (under 5.) works for Letterbox and for MailActOn

    as well, just change 'GrowlMail' to 'Letterbox' or to 'MailActOn'.

    thanks lesse

  • lecho Level 1 Level 1

    ... and what about Growl 1.3.3 (purchased via App store) and GrowlMail on 10.7.5. Plugin was disabled by Mail app, but still sits in ~/Library/Mail/Bundles/. How to fix it?

     

    I'll appreciate your help.

     

    iLech

  • WZZZ Level 6 Level 6
    expertise.macosx
    Mac OS X

    roam wrote:

     

    Fortunately, I don't have Mail plugins.

    I'm rapt this update gives Snow fresh legs. 

    Not in ~/Library/Mail, but I'm seeing two Plug-ins in Mail.app>Package Contents.

     

    MailWebPlugin.webplugin

     

    ToDoPlugin.webplugin

     

    No idea what they do, but perhaps these are the ones that get disabled?

     

    I remember now that when Leopard came along Tiger got one more Security Update in the fall of that year. I hope this isn't going to be like that.

  • lesse Level 1 Level 1

    try both UUIDs (from Mail 5.3 (1283))

     

    758F235A-2FD0-4660-9B52-102CD0EA897F

    3335F782-01E2-4DF1-9E61-F81314124212

     

    i cannot test this 'cause i don't have Growl in 10.7.5

  • lecho Level 1 Level 1

    Thx lesse, I'l try it. Is there any risk if it will not work, that something else might stop working?

  • jazzmosax Level 1 Level 1

    Has anyone found a fix for Attachment Tamer, I cannot get it to work with the same fix as Letterbox and MailActOn ?

  • bombardier Level 1 Level 1

    Nope, haven't found a fix for Attachment Tamer - I've sent the dev an e-mail though.

     

    SpamSieve has a 2.9.5b1 that fixes it, available from a link on the dev's support forum.

  • snagitseven Level 1 Level 1

    After the Security Update 2012-004, using one or the other of lesse's two fixes above, I was able to get Letter Opener, OMIC (Letter Box) and MailFollowUp working but not Attachment Tamer which is my most important IMO. I too have sent a meesage to the developer. I have 10.6.8 with Mail 4.6.

    Thanks, lesse.

  • vcayenne Level 1 Level 1

    This one worked for me, Lesse.

     

    …for GrowlMail on 10.7.5

  • mweger Level 1 Level 1

    "try both UUIDs (from Mail 5.3 (1283))

     

    758F235A-2FD0-4660-9B52-102CD0EA897F

    3335F782-01E2-4DF1-9E61-F81314124212"

     

     

    Using Terminal to change the Growlmail plist did not work for me under 10.7.5 BUT directly editing the plist and adding the two UUIDs listed for 10.7.5 worked like a charm.   Thanks for the tip!

Previous 1 2 3 Next