Closed
Bug 1387203
Opened 7 years ago
Closed 6 years ago
Thunderbird silently sent my private clipboard with email to a wide distribution list
Categories
(Thunderbird :: Message Compose Window, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1276391
People
(Reporter: jayrusman, Unassigned)
Details
(Keywords: privacy)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170629000000 Steps to reproduce: I sent an email. When I look at the email in the sent folder, it shows what I expect. The email I typed, and the email I saw on my screen. Actual results: When people replied to me, it is clear that Thunderbird silently pasted my CLIPBOARD into the email, which happened to be a private chat message with another person. I checked the sent message in Thunderbird, and it does NOT show my private chat message in the sent email. When I copy and paste the message to a Konsole terminal, the offending text is in the paste buffer. Somehow, Thunderbird is inserting hidden text, and not showing it to me. When I click reply, the offending text is not shown -- but again copy/paste to other window reveals the text. No text property changes I can alter in the edit window will reveal the offending text in Thunderbird. Expected results: Thunderbird should not have silently sent my clipboard out with an email. Or, the email in the sent folder should reflect what was sent to everyone else. Somewhere, somehow, Thunderbird effed me over here.
Comment 1•7 years ago
|
||
Please send me the message in question via e-mail. Drag it out into a file on the desktop or a folder (or use File > Save As) and send it to me as an attachment. You'll find my e-mail in my profile. There must have been something strange happening for chat to be copied to the outgoing message in an invisible form.
Once I forward the email, it shows up, the magic is lost. I'll clone and try to whittle the mailbox down to the one offending message, and then use a hex editor to redact non-shareable info.
Comment 3•7 years ago
|
||
(In reply to jayrusman from comment #2) > Once I forward the email, it shows up, the magic is lost. I'll clone and > try to whittle the mailbox down to the one offending message, and then use a > hex editor to redact non-shareable info. were you able to sort this out?
Flags: needinfo?(jayrusman)
Whiteboard: [closeme 2017-12-20]
Comment 4•6 years ago
|
||
If true, this would be very serious indeed. But we need more information
Severity: normal → major
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jayrusman)
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2017-12-20]
All private info removed from image and raw test below. Here's a screenshot of what I see in Thunderbird 52.5.0 (64-bit) under openSUSE Tumbleweed (up-to-date as of Jan 1st, 2018) https://i.imgur.com/MCidMZE.png Problem is that other people received the "HIDDEN TEXT" in plain view (which was a private IM message). My thunderbird does not show it to me in my email view, nor did it show it to me in the compose window. Clearly the IM text exists in the Inbox file, so it was indeed sent. It was between 'i' and 's' as shown by the red arrow in the imgur link. Here's the relevant (hopefully) raw text from Inbox file: ----------------------------------------------------------------- ... MIME-Version: 1.0 <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body text="#000000" bgcolor="#FFFFFF"> <div class="moz-cite-prefix">In general, i <div data-redactor-wrapper="1" style="position: absolute; left: -9999px;"> <div data-redactor="1">HIDDEN TEXT HIDDEN TEXT HIDDEN TEXT HIDDEN TEXT ♫♫♫♫</div> I</div> s there some sort of implied connection between xxx and xxx numbering in general?<br> <br> <br> ... ----------------------------------------------------------------- How did it get like that??
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---
Comment 6•6 years ago
|
||
(In reply to jayrusman from comment #5) > How did it get like that?? I'd like to know that, too. > <div class="moz-cite-prefix">In general, i > <div data-redactor-wrapper="1" style="position: absolute; left: > -9999px;"> > <div data-redactor="1">HIDDEN TEXT HIDDEN TEXT HIDDEN TEXT > HIDDEN TEXT ♫♫♫♫</div> > I</div> > s there some sort of implied connection between xxx and Somehow, between the "i" and the "s" in the screenshot, you pasted a HTML fragment from somewhere. That text isn't shown, since it's positioned absolute at X=-9999. Same complaint as in bug 1276391. Nothing we can do about this.
I wish for "text only pasting" option in preferences, where all text pasted is *never* taken as HTML.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago → 6 years ago
Resolution: --- → DUPLICATE
Comment 9•6 years ago
|
||
There is a "paste without formatting" already, sadly, it doesn't strip "crazy offsets", see bug 1342725.
You need to log in
before you can comment on or make changes to this bug.
Description
•