Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-03-07 Thread Daniel Veditz
Nick Boyce wrote:
> Hmmm. I didn't realise the Show Images setting got stored, and I don't think that's the best strategy from a privacy point of view.
It surprised me, too. The threat model was spammers trying to verify live addresses, and in that model loading a webbug multiple times is no

RE: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-03-02 Thread Jay Stapleton
Or perhaps cache the images along with the message, to be deleted when the message is. That way one can open an email many times without accessing a web resource each time. It would also allow someone to forward a message, and include the content as it is currently, as opposed to how it may be

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-03-01 Thread Daniel Veditz
Daniel Veditz wrote:
> Renaud Lifchitz wrote:
>> Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
> We believe this to be a testing error.
I responded too soon. This is indeed a problem in the current release version of Thunderbird 1.5

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-03-01 Thread Nick Boyce
On 2/28/06, Daniel Veditz [EMAIL PROTECTED] wrote:
> Once a user has pressed the Show Images button--not the best label since it covers all remote content--that state is stored in the mailbox metadata/index file (.msf) and the remote content will then be loaded on future viewings.
Hmmm. I

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-02-28 Thread Renaud Lifchitz
Hello, If you carefully look at the inline attachments, you will find this (first proof of concept) :
<html><head></head><body style=margin: 0px; padding: 0px; border: 0px;><iframe src=http://www.sysdream.com; width=100% height=100% frameborder=0 marginheight=0 marginwidth=0></iframe>
The information

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-02-28 Thread Daniel Veditz
Renaud Lifchitz wrote:
> Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
We believe this to be a testing error. The problem of loading remote iframe and css content was fixed prior to the release of Mozilla Thunderbird 1.0 The testcase included in the advisory contains the

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

2006-02-28 Thread Daniel Veditz
Daniel Veditz wrote:
> [a plain text message]
Just got half a dozen bounces because my plain-text email supposedly contained Suspicious I-Frame.a (Malicious Mobile Code) virus. Those of you behind McAfee GroupShield barriers may not be getting the whole conversation here if people can't even use