Closed Bug 536610 Opened 15 years ago Closed 15 years ago

Canceling the master password prompt lets you read offline mail messages

Categories

(Thunderbird :: Security, enhancement)

x86
Windows XP
enhancement
Not set
normal

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 318697

People

(Reporter: carleeto, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Lightning/1.0b2pre Thunderbird/3.0

It is not clear that the master password does not protect your offline mail messages from being read.

I realize that the master password is there to protect your login credentials to mail servers. However, if offline access is enabled on an IMAP account, the messages are downloaded and canceling the master password dialog allows you to read past mail messages, even though it does not allow you to fetch new messages.

To me, a master password should protect access to everything. If it only protects logins, it should be called the login password, to make it clear that there is a loophole. Mail messages are pretty personal and there should be a mechanism to protect access to them, even when they have been downloaded for offline access.

Reproducible: Always

Steps to Reproduce:
1. Use an IMAP account. 
2. Enable Offline access.
3. Set a master password. 
4. Fetch your mail messages. Restart once done.
5. On restart, click cancel when prompted for the master password.

Actual Results:
The dialog goes away and you're allowed to click on messages that have been downloaded and read them.

Expected Results:  
You should not have access to anything, except maybe a mechanism to remind you of the master password. If you have forgotten it, well then you would need to set up everything from scratch.

There really needs to be SOME mechanism that allows a user to secure access to mail with a single password.

See also bug 16489, bug 35308
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED