Open Bug 1584717 Opened 5 years ago Updated 2 years ago

TB doesn't save users from tracking links encapsulating the entire mail's html body

Categories

(Thunderbird :: Message Reader UI, enhancement)

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: www, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

Steps to reproduce:

Received a mail containing tracking link like this:

</head><a href="http://bit.do/e9bEc#mWX…a3kDW4e5JQdUk">
<body style=

The <a>nchor is not even being closed after the </body> :/

Actual results:

I clicked on the white space and thus undisclosed to the tracker that the eMail has been read.

Expected results:

Thunderbird should never allow tracking links in eMails.
This is a basic feature I expect from the client.
If we fail to implement something decent and VERY contemporary,
people will give up using a standalone client all over.

Blocks: mail-scam

I made an e-mail like so

<html>
  <head>
    <meta http-equiv="content-type" content="text/html;
      charset=windows-1252">
  </head><a href="http://bit.do/e9bEc#mWXa3kDW4e5JQdUk">
  <body>
  HUHU<br>HUHU
  </body>

</html>

and the entire e-mail appears as a link and shows the target when hovered. Leaving out the text in the body doesn't give anything to click on and nothing happens.

What am I missing? Magnus, does this look like a problem to you?

Flags: needinfo?(mkmelin+mozilla)

Doesn't appear to be a problem. With no content, there is nothing to click -> nothing opens. With content, there is a link, like there would be - you have the choice to click it or not.

So unless there is something we're missing, this bug is invalid.

Flags: needinfo?(mkmelin+mozilla)
Severity: normal → S3
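
Added example, not part of the bug report or of Thunderbird's code: a Python check that a mail filter could run to flag the pattern discussed in this bug, an <a href> that covers nearly all visible text of a message and is never closed. The 0.9 threshold, the class and function names, and the sample messages with their placeholder URLs are assumptions.

```python
from html.parser import HTMLParser

class AnchorCoverage(HTMLParser):
    """Count visible characters and how many of them sit inside each <a href>."""
    HIDDEN = {"script", "style", "title"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.current = None   # href of the anchor currently open, if any
        self.hidden = 0       # depth inside elements whose text is not rendered
        self.total = 0        # visible, non-whitespace characters in the mail
        self.linked = {}      # href -> visible characters it covers

    def handle_starttag(self, tag, attrs):
        if tag in self.HIDDEN:
            self.hidden += 1
        elif tag == "a":
            # HTML parsers do not nest anchors: a new <a> ends the open one.
            self.current = dict(attrs).get("href")

    def handle_endtag(self, tag):
        if tag in self.HIDDEN and self.hidden:
            self.hidden -= 1
        elif tag == "a":
            self.current = None

    def handle_data(self, data):
        n = len("".join(data.split()))
        if self.hidden or not n:
            return
        self.total += n
        if self.current:
            self.linked[self.current] = self.linked.get(self.current, 0) + n

def audit(html, threshold=0.9):
    """Return (href, coverage, never_closed) for anchors covering >= threshold of the text."""
    p = AnchorCoverage()
    p.feed(html)
    p.close()
    return [(href, round(n / p.total, 2), href == p.current)
            for href, n in p.linked.items() if n / p.total >= threshold]

# Constructed samples modelled on the test mail above; the URLs are placeholders.
WRAPPED = """<html><head><meta http-equiv="content-type" content="text/html">
</head><a href="http://tracker.example/t#id"><body>
HUHU<br>HUHU
</body></html>"""
NORMAL = '<html><body><p>Hello, see <a href="https://example.org/doc">the doc</a> for details.</p></body></html>'
EMPTY = '<html><head></head><a href="http://tracker.example/t#id"><body></body></html>'
```

A mail with an empty body yields no finding, matching the observation in the thread that without content there is nothing to click.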