On 10/26/09 11:56, Phillip Jones wrote:
> Ray_Net wrote:
>> Phillip Jones wrote:
>>> Benoit Renard wrote:
>>>> Phillip Jones wrote:
>>>>> And if I were to use Thunderbird I actually like Postbox better 
>>>>> because the last one I downloaded still allowed javascript in email.
>>>> You do realise that JavaScript in mail is a big security risk, right? 
>>>> It doesn't have a place in e-mail messages in the first place. It's a 
>>>> message, not a web page.
>>> Why is it a security risk? I used Netscape Navigator 3.0.1.a Gold, 
>>> Communicator, Mozilla, and Thunderbird until it was removed, and not 
>>> once in all those years had any javascript attacks in email. Not once.
>> You may cross the road when the ligths are red ... without any trouble 
>> ... until the bad day !
> It  is odd that from Netscape Navigator days to just less than a year 
> ago it wasn't that insecure.

Try to remember that security is a moving target. In addition to points
that may be raised by others, consider that as time goes on, people learn
of the vulnerabilities that exist up until now.

So, for example, to say that when using last year's release *last year*,
it was safe, doesn't mean using it now is still safe.

The same holds true for JS. In the beginning, I'm sure many had no idea
how it could be manipulated in such nefarious ways. However, today people
sure know a lot more about how to exploit JS that anyone though possible
a few years ago.
support-seamonkey mailing list

Reply via email to