Chuck Simmons wrote:
> ... An exploit that is sometimes used that may depend on CGI (because CGI
> can provide HTTP headers) is to send a "coded" cookie. This can happen
> in email with some clients because <meta> tags can allow forcing the
> load of a foreign page...
-----------------------------
Chuck,
1. You say "this can happen with some clients". Does this include the
Mozilla Mail Client?
2. On the Mozilla wishlist is there anything like an option to view
E-mails in plain text only?
3. Finally, do you think receiving HTML-enriched E-Mail is of any risk
for a Mozilla user (assuming that Java-script is already disabled)?
Thanks a lot,
Thomas
