bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

Incoming email with huge "To:" list hangs Thunderbird



MailNews Core
3 years ago
2 years ago


(Reporter: Mark B. Rosenthal, Unassigned)



Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36

Steps to reproduce:

What did I do?  I simply clicked "Get Mail".  Unfortunately some spammer had sent me an email with a "To:" header containing just under 20,000 email addresses.  Of course I didn't know this right away.  All I knew was that Thunderbird suddenly displayed its spinner and in OS-X's Activity Monitor, the line for the Thunderbird process said the process was not responding.  15 minutes later, the spinner was still spinning and Activity Monitor was still displaying "process not responding".  At that point, I killed the process and then restarted Thunderbird.  But about 4 or 5 seconds after restarting Thunderbird, the spinner reappeared and Thunderbird again stopped responding.  I tried that several times, always with the same result.

At this point, I killed off Thunderbird and started examining various text files in Thunderbird's Profile directory.  Eventually I noticed that one of the emails near the end of ~/Library/Thunderbird/Profiles/<randomly-generated-name>/Mail/<mailserver-name>/Inbox was obvious spam, and that its "To:" header contained 19,113 email addresses spread across 29 lines.  I edited the Inbox file to remove that email and deleted Inbox.msf so Thunderbird could regenerate it.  When I restarted Thunderbird, the problem was gone.

Thunderbird users can't control what's in the emails that people (esp. spammers) send to them.  Since this bug means that any malicious email sender can disable any recipient's Thunderbird installation by sending an email with a "To:" list that's too large, I'm flagging this as something that should be kept hidden from the public until it is resolved.

Actual results:

Thunderbird hung (i.e. stopped responding) when it received an email with a "To:" header containing 19,113 email addresses spread across 29 lines.

Expected results:

Ideally, Thunderbird should just have handled it like any other email.  But if any incoming email blows some limit and Thunderbird can't be made to handle it, it would be far better for Thunderbird to drop that one email on the floor and notify the user of what it's done than for Thunderbird to hang, thereby denying the user access to all of his emails.
Group: core-security
This is a perf bug more than a security one. Moving on where this bug belongs.
Component: Untriaged → Backend
Keywords: perf
Product: Thunderbird → MailNews Core
See Also: → bug 460605

Comment 2

2 years ago
probably a duplicate of bug 843639
Severity: normal → major
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 843639
You need to log in before you can comment on or make changes to this bug.