168174 - css file in HTML mail is fetched

Status: VERIFIED DUPLICATE of bug 28327

(MailNews Core :: Security, defect)

Description

[Henrik Gemal]

having the possibility to block remote image in HTML mail is nice, but we still 
fetch remote css files.

Comment 1

[Daniel Veditz [:dveditz]]

This sounds like a subset of the "no network hits reading mail" bugs, and
wouldn't the same solution apply? If you don't want things leaked then chose the
view as plain text option. Turning off images is more about loading time, not
privacy, with the plain-text option available.

Comment 2

[Ben Bucksch (:BenB)]

Actually, that's (part of) what the Simple HTML feature is designed for. (I
added As Plain Text just because akk wanted it and it was not too hard :) ).

However, I lost track what all the bugs are about. We have the
- image-in-mail blocking (done)
- Simple HTML (done)  and
- bug 28327 (open)
I think this is a dup of one of the latter two.

Comment 3

[Stephen P. Morse]

I agree with Dan's comment 2 above and would think that this report is invalid.
 If you want the privacy when reading mail, then turn on view-as-plain-text.  If
you want performance, then turn off images.  But turning off .css is not a
performance issue, so the css files should not be blocked along with the images.


*** This bug has been marked as a duplicate of 22994 ***

Comment 4

[Stephen P. Morse]

Oops, didn't mean to mark this as a dup.  Reopening.

Comment 5

[Daniel Veditz [:dveditz]]

Dupe of bug 28327, which several times mentions CSS as one avenue for privacy leaks.

*** This bug has been marked as a duplicate of 28327 ***

Comment 6

[John Unruh]

V