Closed
Bug 176165
Opened 22 years ago
Closed 22 years ago
Please forbid *any* off-host interaction in response to an email
Categories
(MailNews Core :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: hpa, Assigned: security-bugs)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020828 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020828 It should be an option to forbid *any* off-site interaction in response to an email, i.e. fetching anything that is not part of the email message itself. It's a very common technique for spammers to send HTML containing images or framesets, and register the resulting URL interaction as, in effect, a return receipt -- thus guaranteeing that you will receive more spam. This could also be used in other situations to know that the recipient has opened the message, without the recipient having any opportunity to override. This is therefore a security hole. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Reporter | ||
Updated•22 years ago
|
Severity: normal → major
Updated•22 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 1•22 years ago
|
||
*** This bug has been marked as a duplicate of 28327 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•