Open Bug 1584717 Opened 3 years ago Updated 2 months ago

TB doesn't save users from tracking links encapsulating the entire mail's html body


(Thunderbird :: Message Reader UI, enhancement)



(Not tracked)



(Reporter: www, Unassigned)


(Blocks 1 open bug)


User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

Steps to reproduce:

Received a mail containing a tracking link like this:

    </head><a href="…a3kDW4e5JQdUk">
    <body style=

The <a>nchor is not even being closed after the </body> :/

Actual results:

I clicked on the white space and thus undisclosed to the tracker that the eMail has been read.

Expected results:

Thunderbird should never allow tracking links in eMails.
This is a basic feature I expect from the client.
If we fail to implement something decent and VERY contemporary,
people will give up using a standalone client all over.

Blocks: mail-scam

I made an e-mail like so

    <meta http-equiv="content-type" content="text/html;
    </head><a href="">


and the entire e-mail appears as a link and shows the target when hovered. Leaving out the text in the body doesn't give anything to click on and nothing happens.

What am I missing? Magnus, does this look like a problem to you?

Flags: needinfo?(mkmelin+mozilla)

Doesn't appear to be a problem. With no content, there is nothing to click -> nothing opens. With content, there is a link, like there would be - you have the choice to click it or not.

So unless there is something we're missing, this bug is invalid.

Flags: needinfo?(mkmelin+mozilla)
Severity: normal → S3
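
The structure discussed in this report, an `<a href>` opened between `</head>` and `<body>` and never closed, can be flagged before a message is rendered. The following is an added example, not part of the bug report or of Thunderbird's code: a token-level scan with Python's `html.parser` that reports anchors opened before `<body>`, anchors with no `</a>`, and anchors covering nearly all visible text. The `audit` name, the 0.9 threshold, the sample messages and the placeholder URL are assumptions; the scan expects an explicit `<body>` tag and does not emulate Gecko's tree construction.

```python
from html.parser import HTMLParser

SKIP = {"script", "style", "title"}  # text inside these is not rendered

class AnchorAudit(HTMLParser):
    """Token-level scan recording which <a href> is open while visible text appears."""
    def __init__(self):
        super().__init__()
        self.anchors, self.open = [], []   # every anchor seen / currently open ones
        self.seen_body, self.skip_depth, self.visible = False, 0, 0

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "body":
            self.seen_body = True
        elif tag in SKIP:
            self.skip_depth += 1
        elif tag == "a" and href is not None:
            a = {"href": href, "before_body": not self.seen_body,
                 "covered": 0, "closed": False}
            self.anchors.append(a)
            self.open.append(a)

    def handle_endtag(self, tag):
        if tag in SKIP and self.skip_depth:
            self.skip_depth -= 1
        elif tag == "a" and self.open:
            self.open.pop()["closed"] = True

    def handle_data(self, data):
        n = len("".join(data.split()))     # count non-whitespace characters only
        if n and not self.skip_depth:
            self.visible += n
            for a in self.open:            # conservative: credit every open anchor
                a["covered"] += n

def audit(html, threshold=0.9):
    """Return [(href, [reasons])] for anchors that start early, never close, or wrap the text."""
    p = AnchorAudit()
    p.feed(html)
    p.close()
    findings = []
    for a in p.anchors:
        reasons = [name for name, hit in (
            ("opened-before-body", a["before_body"]),
            ("never-closed", not a["closed"]),
            ("wraps-body-text", p.visible and a["covered"] / p.visible >= threshold),
        ) if hit]
        if reasons:
            findings.append((a["href"], reasons))
    return findings

# Constructed samples; the URL is a placeholder, not the one from the report.
WRAPPED = ('<html><head><meta charset="utf-8"></head>'
           '<a href="https://tracker.example/c/PLACEHOLDER">'
           '<body style="margin:0"><p>Hello,</p><p>your invoice is attached.</p></body></html>')
NORMAL = ('<html><head><title>Hi</title></head><body><p>Hello, see '
          '<a href="https://example.org/">our site</a> for the full details of this month.</p></body></html>')
```

`audit(WRAPPED)` reports the placeholder link with all three reasons, while `audit(NORMAL)` returns an empty list because its only link is closed, starts inside the body and covers a small share of the text.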