HTML Mail loads css stylesheet even if images and plugins are disabled

RESOLVED DUPLICATE of bug 28327

Status

RESOLVED DUPLICATE of bug 28327
16 years ago
14 years ago

People

(Reporter: mozillabug, Assigned: sspitzer)

Tracking

({privacy})

Trunk
x86
All
privacy

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
Hi,
One of the many spam mails caught my attention: Nicely formatted with colors and
fonts. It showed that the mail contained a reference to the stylesheet on the
originating spammers homepage. 
As the feature "no plugins and images in mail" is - in my eyes - mainly to
prevent spammers from including images like logo.gif?receipt=you@your.domain
this is easily to circumvent with stylesheets named like this...

I'm using Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1) Gecko/20020826

I hope not to produce a duplicate - done my best searching this enormous
bugzilla. Thanks for this nice product.

Comment 1

16 years ago
I can confirm this bug with Mozilla 1.0.2 on Windows ME.

I have set the following Prefecences under "Privacy & Security":
Cookies: [x] Disable Cookies in Mail and Newsgroups
Images: [x] Do not load remote images in Mail & Newsgroup messages

However, external stylesheets are still being loaded (allowing tracking of spam
delivery) and a cookie is still being set for this http request (I believe there
is already an open bug for this).

This bug is already being exploited by, for example, the RedHat "Under the brim"
Newsletter. It refers to a personified stylesheet that tracks my reading of
their newsletter.
Keywords: privacy
OS: Windows NT → All

Comment 2

16 years ago

*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.