Closed
Bug 175258
Opened 22 years ago
Closed 22 years ago
HTML Mail loads css stylesheet even if images and plugins are disabled
Categories
(SeaMonkey :: MailNews: Message Display, defect)
Tracking
(Not tracked)
People
(Reporter: mozillabug, Assigned: sspitzer)
Details
(Keywords: privacy)
Hi,
One of the many spam mails caught my attention: Nicely formatted with colors and
fonts. It showed that the mail contained a reference to the stylesheet on the
originating spammers homepage.
As the feature "no plugins and images in mail" is - in my eyes - mainly to
prevent spammers from including images like logo.gif?receipt=you@your.domain
this is easily to circumvent with stylesheets named like this...
I'm using Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.1) Gecko/20020826
I hope not to produce a duplicate - done my best searching this enormous
bugzilla. Thanks for this nice product.
Comment 1•22 years ago
|
||
I can confirm this bug with Mozilla 1.0.2 on Windows ME.
I have set the following Prefecences under "Privacy & Security":
Cookies: [x] Disable Cookies in Mail and Newsgroups
Images: [x] Do not load remote images in Mail & Newsgroup messages
However, external stylesheets are still being loaded (allowing tracking of spam
delivery) and a cookie is still being set for this http request (I believe there
is already an open bug for this).
This bug is already being exploited by, for example, the RedHat "Under the brim"
Newsletter. It refers to a personified stylesheet that tracks my reading of
their newsletter.
Keywords: privacy
OS: Windows NT → All
Comment 2•22 years ago
|
||
*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•