Closed
Bug 911769
Opened 11 years ago
Closed 11 years ago
Emails disclosure on Thunderbird
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: fabiancuchietti, Unassigned)
Details
Attachments
(1 file)
2.27 MB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release) Build ID: 20130814063812 Steps to reproduce: Hello Mozilla Security, I discovered an issue in "Earlybird / Thunderbird" Read mails without having an access password thunderbird, this allows full disclosure of emails a user. Attached a video as proof of concept. Steps to reproduce: Open Mozilla and go to the following directory: file:///C:/Users/{PC-USER}/AppData/Roaming/Thunderbird/Profiles/j1k1jwpq.default/ImapMail/imap.googlemail.com/%5BGmail%5D.sbd/Todos I have read the emails without having to get your password, Regards.
Reporter | ||
Comment 2•11 years ago
|
||
"Dupeme" what mean this?
Reporter | ||
Comment 3•11 years ago
|
||
This issue is considered valid?
Comment 4•11 years ago
|
||
Thunderbird makes no promises to data security on the local machine and is not designed for multiple users from the same log in. If users are concerned about data security, they should use OS level protection, or other security applications to sandbox Thunderbird in a way that can only be accessed by password.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•