An issue exists in attach parameter in GNOME Gmail version 2.5.4, allows remote malicious users to gain sensitive information via crafted "mailto" link.
davesteele gnome-gmail 2.5.4