Closed Bug 175258 Opened 22 years ago Closed 22 years ago

HTML Mail loads css stylesheet even if images and plugins are disabled

Categories

(SeaMonkey :: MailNews: Message Display, defect)

Product:
SeaMonkey
Component:
MailNews: Message Display
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 28327

People

(Reporter: mozillabug, Assigned: sspitzer)

Details

(Keywords: privacy) 

Hi,
One of the many spam mails caught my attention: Nicely formatted with colors and
fonts. It showed that the mail contained a reference to the stylesheet on the
originating spammers homepage. 
As the feature "no plugins and images in mail" is - in my eyes - mainly to
prevent spammers from including images like logo.gif?receipt=you@your.domain
this is easily to circumvent with stylesheets named like this...

I'm using Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1) Gecko/20020826

I hope not to produce a duplicate - done my best searching this enormous
bugzilla. Thanks for this nice product.
I can confirm this bug with Mozilla 1.0.2 on Windows ME.

I have set the following Prefecences under "Privacy & Security":
Cookies: [x] Disable Cookies in Mail and Newsgroups
Images: [x] Do not load remote images in Mail & Newsgroup messages

However, external stylesheets are still being loaded (allowing tracking of spam
delivery) and a cookie is still being set for this http request (I believe there
is already an open bug for this).

This bug is already being exploited by, for example, the RedHat "Under the brim"
Newsletter. It refers to a personified stylesheet that tracks my reading of
their newsletter.
Keywords: privacy
OS: Windows NT → All

*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.