Closed Bug 176165 Opened 22 years ago Closed 22 years ago

Please forbid *any* off-host interaction in response to an email

Categories

(MailNews Core :: Security, defect)

x86
All
defect
Not set
major

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 28327

People

(Reporter: hpa, Assigned: security-bugs)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020828
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020828

It should be an option to forbid *any* off-site interaction in response to an
email, i.e. fetching anything that is not part of the email message itself. 
It's a very common technique for spammers to send HTML containing images or
framesets, and register the resulting URL interaction as, in effect, a return
receipt -- thus guaranteeing that you will receive more spam.  This could also
be used in other situations to know that the recipient has opened the message,
without the recipient having any opportunity to override.  This is therefore a
security hole.


Reproducible: Always

Steps to Reproduce:
1.
2.
3.
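
An added example, not part of the original report and not Mozilla's code: a sketch of the check the report asks for, listing the references in an HTML mail that a renderer would fetch from outside the message itself. The sample message, the hostnames and the function names are constructed for illustration, and the attribute list is an assumption rather than a complete inventory.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes a renderer loads automatically, with no user action (assumed list).
FETCH_ATTRS = {"src", "background", "poster"}
LOCAL_SCHEMES = {"cid", "data"}  # content carried inside the message itself

def is_off_host(url):
    """True if loading this URL would contact something outside the message."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() in LOCAL_SCHEMES:
        return False
    # Absolute URLs and scheme-relative //host/path; bare relative paths are
    # not counted here (assumption: the mail declares no base URL).
    return bool(parts.scheme or parts.netloc)

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in FETCH_ATTRS or (tag == "link" and name == "href")
            if auto and value and is_off_host(value):
                self.remote.append((tag, name, value))

def off_host_refs(raw_message):
    """Return (tag, attribute, url) for every auto-fetched off-host reference."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True)
            finder.feed(body.decode(charset, "replace"))
    return finder.remote

# Constructed sample message; all addresses and hosts are placeholders.
SAMPLE = """\
Subject: constructed sample
Content-Type: text/html; charset=utf-8

<html><body background="//tracker.example/bg.gif">
<img src="cid:logo@example.com">
<img src="http://tracker.example/open.gif?id=rcpt" width="1" height="1">
<a href="http://example.com/page">link</a>
<iframe src="https://tracker.example/frame"></iframe></body></html>
"""
if __name__ == "__main__":
    print(off_host_refs(SAMPLE))
```

The `cid:` image and the `<a href>` link are not reported: the first is part of the message, and the second is only fetched if the recipient clicks it.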
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true

*** This bug has been marked as a duplicate of 28327 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core