Closed Bug 199709 Opened 21 years ago Closed 21 years ago

Remote images are loaded even if I check "Do not load remote images" in preferences

Categories

(MailNews Core :: Security, defect)

Product:
MailNews Core
Component:
Security
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: fredbezies, Assigned: sspitzer)

Details

(Keywords: privacy, regression)

Attachments

(1 file)

It is a boolpref
1.23 KB, patch
dwitte
: review+
peterv
: superreview+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030328
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030328

All in the summary. Some junk mail are loading remote images, even if I said no,
by checking "do not load remote..." in prefs panel.

I search in Bugzilla and I don't find a bug like this one.

Sorry if it is a duplicate.

Reproducible: Always

Steps to Reproduce:
1.Verify that option "Do not load remote images" is checked in preferences
2.Load a junk mail with a remote image in it
Actual Results:  
Image is loaded

Expected Results:  
Image not loaded.

Could it be related to bugfix for bug 198301, checked in 9 days ago ?
Confirming bug on OS/2 build 2003032712
OS -> All
OS: Windows XP → All
Isn't it a security issue?
Security component seems more suitable for the bug.
I have another details to add.

This bug is weird, because it only appears when you uncheck option, confirm your
choice, and check it again.

Hope it helps ?
And last detail (sorry for /spamming/), this bug disappears (see comment #3),
when you *completely* exit mozilla. So is quicklaunch related to this bug ?

It is a very very weird bug !
I cannot confirm comments #3 and #4.
Playing with the option and restarting Mozilla have no effect here.
Switching component to Security since the bug allows the spammers to have
implicit confirmation that their mail reached destination and got the
recipient's attention.

P.S. On my system almost every mail with remote images is a spam.
Component: Mail Window Front End → Security: General
I do agree with comment #6.

Nominating it as a "?" blocker for 1.4b
Flags: blocking1.4b?
This seems to have been caused by:

1.19	bzbarsky%mit.edu	Mar 21 17:24	 	Checking in permissions rewrite phase 1
(troop deployment in the permission
gulf). Bug 191380, patch by mvl@exedo.nl (Michiel van Leeuwen),
r=dwitte@stanford.edu, sr=darin.
ccing the people who may actually know something about this code.. (hint: the
person checking in the code may not know much about it; the patch author and
reviewers are the ones to cc...)

First, are Frederic and Max seeing the same bug?  Frederic's sounds like someone
forgot to register a pref observer, so that pref changes need a restart to take
effect.  Max's sounds like something a little more fundamental is broken...
Keywords: privacy, regression
Attached patch It is a boolprefSplinter Review 
This is when reading changed preferences. No further comments...
I should fix the problem that you need to restart mozilla. Not sure about the
other one.
Comment on attachment 119656 [details] [diff] [review]
It is a boolpref

indeed. ;)
Attachment #119656 - Flags: review+
Attachment #119656 - Flags: superreview+
Fix checked in.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
v.
Status: RESOLVED → VERIFIED
clearing 1.4 blocker request, since the fix has landed.
Flags: blocking1.4b?
I'm still seeing this behavior in Mozilla 1.4 [Mozilla/5.0 (X11; U; Linux i686;
en-US; rv:1.4) Gecko/20030624]  The image link was:

<IMG =
SRC=3D"http://www.idigde=
als.com/mem.php?Z2RpbndpZGRpZUBtaW4ubmV0"><br>

in the message source.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: