css file in HTML mail is fetched

VERIFIED DUPLICATE of bug 28327

Status

VERIFIED DUPLICATE of bug 28327
16 years ago
10 years ago

People

(Reporter: bugzilla, Assigned: security-bugs)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
having the possibility to block remote image in HTML mail is nice, but we still 
fetch remote css files.
(Reporter)

Updated

16 years ago
Blocks: 168258
This sounds like a subset of the "no network hits reading mail" bugs, and
wouldn't the same solution apply? If you don't want things leaked then chose the
view as plain text option. Turning off images is more about loading time, not
privacy, with the plain-text option available.

Comment 2

16 years ago
Actually, that's (part of) what the Simple HTML feature is designed for. (I
added As Plain Text just because akk wanted it and it was not too hard :) ).

However, I lost track what all the bugs are about. We have the
- image-in-mail blocking (done)
- Simple HTML (done)  and
- bug 28327 (open)
I think this is a dup of one of the latter two.

Comment 3

16 years ago
I agree with Dan's comment 2 above and would think that this report is invalid.
 If you want the privacy when reading mail, then turn on view-as-plain-text.  If
you want performance, then turn off images.  But turning off .css is not a
performance issue, so the css files should not be blocked along with the images.


*** This bug has been marked as a duplicate of 22994 ***
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE

Comment 4

16 years ago
Oops, didn't mean to mark this as a dup.  Reopening.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Dupe of bug 28327, which several times mentions CSS as one avenue for privacy leaks.

*** This bug has been marked as a duplicate of 28327 ***
Status: REOPENED → RESOLVED
Last Resolved: 16 years ago16 years ago
Resolution: --- → DUPLICATE

Comment 6

16 years ago
V
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.