Here's the advisory I sent to the Beonex announce mailing list:
The "Privacy Foundation" <http://www.privacyfoundation.org> published an
exploit of most email and news readers which interpret JavaScript in
messages. Using a small script embedded in an HTML msg, the sender can,
in the worst case, track and read (!) all replies and forwards of that msg.
Beonex Mailnews is *not* vulnerable to this (by default), because
JavaScript in Mailnews is disabled by default.
However, a recipient of a msg you wrote might be vulnerable and reveal
your msg. To avoid that:
* If you reply to or forward an HTML msg, send your reply/forward as
plaintext only (not HTML). By default, you will be asked during sending
which format to use, with the default at "plaintext only" - confirm that.
* Do not forward HTML msgs "as attachment", unless you have manually checked
that the HTML source doesn't contain JavaScript code.
Ben Bucksch
Beonex
--
This message is protected by ROT0 encryption and the DMCA.
Reading is disallowed and will be prosecuted.
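
The manual check in the second bullet can be partly automated. The following is an added example, not part of the advisory or of Beonex: it looks through every text/html part of a message, including messages attached to it, for `<script>` elements, `on*` event handler attributes and `javascript:` URLs. The function names and the sample message are constructed for illustration, and an empty result only means none of these three constructs was found.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "background", "formaction"}

class ScriptFinder(HTMLParser):
    """Records HTML constructs that can carry JavaScript."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            # Drop whitespace/control characters, which browsers tolerate in a URL scheme
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def find_script(html_text):
    finder = ScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

def scan_message(raw_bytes):
    """Check every text/html part, including those inside attached (forwarded) messages."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also descends into message/rfc822 attachments
        if part.get_content_type() == "text/html":
            findings += find_script(part.get_content())
    return findings

# Constructed sample: an HTML message forwarded "as attachment"
SAMPLE_HTML = '<p onmouseover="x()">hi</p><a href=" JavaScript:void(0)">link</a><script>var a;</script>'

def build_sample():
    inner = EmailMessage()
    inner["Subject"] = "constructed sample"
    inner.set_content("plain body")
    inner.add_alternative(SAMPLE_HTML, subtype="html")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: constructed sample"
    outer.set_content("see attached")
    outer.add_attachment(inner)
    return outer.as_bytes()
```

Call `scan_message()` on the raw bytes of the message you are about to forward; any finding means the message should go out as plaintext only.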