Closed
Bug 181338
Opened 22 years ago
Closed 22 years ago
Mail still executes remote Flash and sound files in spam messages
Categories
(SeaMonkey :: MailNews: Account Configuration, enhancement)
Tracking
(Not tracked)
People
(Reporter: d_h_l_h, Assigned: racham)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1) Gecko/20020826 When viewing a received HTML email, Mozilla executes remote files such as Flash programs and sound files even if the "do not load remote images" setting is checked in the preferences. Then enables spammers to track who receives their email even though remote image loading is disabled. It also means that Mozilla will automatically play a sound file out load when viewing an email. Could this setting be changed to block Mail from making any automatic connections to remote servers other than one's own mail server? Reproducible: Always Steps to Reproduce: 1. Read an HTML email message with embedded sounds or Flash. 2. 3. Actual Results: Sounds or movies are automatically downloaded from a remote server and played. Expected Results: Not play any remote files, animations, or sounds. This is the body of the spam message that caused this: <HTML><BODY BGCOLOR=3D#FFFFFF><object classid=3D"clsid:D27CDB6E-AE6D-11cf-9= 6B8-444553540000" codebase=3D"http:/download.macromedia.com/pub/shockwave/= cabs/flash/swflash.cab#version=3D5,0,0,0" width=3D"18" height=3D"18"> <par= am name=3Dmovie value=3D"http://www.OurOneRate.com/ad/newsound.swf"><param= name=3Dquality value=3Dhigh><embed src=3D"http://www.FamilyOneRate.com/ad= /newsound.swf" quality=3Dhigh pluginspage=3D"http:/www.macromedia.com/shoc= kwave/download/index.cgi?P1_Prod_Version=3DShockwaveFlash" type=3D"applica= tion/x-shockwave-flash" width=3D"18" height=3D"18"></embed></object><TABLE= WIDTH=3D600 BORDER=3D0 CELLPADDING=3D0 CELLSPACING=3D0 align=3D"center"><= TR><TD COLSPAN=3D3><IMG SRC=3D"http://www.OneRateNow.com/ad/images/long-di= stance_01.gif" WIDTH=3D600 HEIGHT=3D57></TD><TD><IMG SRC=3D"http://www.Our= OneRate.com/ad/images/spacer.gif" WIDTH=3D1 HEIGHT=3D57></TD></TR><TR><TD>= <IMG SRC=3D"http://www.FamilyOneRate.com/ad/images/long-distance_02.gif" W= IDTH=3D378 HEIGHT=3D31></TD><TD COLSPAN=3D2 ROWSPAN=3D2><IMG SRC=3D"http:/= /www.OneRateNow.com/ad/images/long-distance_03.gif" WIDTH=3D222 HEIGHT=3D2= 18></TD><TD><IMG SRC=3D"http://www.OurOneRate.com/ad/images/spacer.gif" WI= DTH=3D1 HEIGHT=3D31></TD></TR><TR><TD ROWSPAN=3D2><IMG SRC=3D"http://www.F= amilyOneRate.com/ad/images/long-distance_04.gif" WIDTH=3D378 HEIGHT=3D282>= </TD><TD><IMG SRC=3D"http://www.OneRateNow.com/ad/images/spacer.gif" WIDTH= =3D1 HEIGHT=3D187></TD></TR><TR><TD><IMG SRC=3D"http://www.OurOneRate.com/= ad/images/long-distance_05.gif" WIDTH=3D69 HEIGHT=3D95></TD><TD><map name=3D= "FPMap0"><area href=3D"https://FamilyOneRate.com" shape=3D"rect" coords=3D= "0, 0, 152, 94"></map><IMG SRC=3D"http://www.OneRateNow.com/ad/images/long= -distance_06.gif" WIDTH=3D153 HEIGHT=3D95 usemap=3D"#FPMap0" border=3D"0">= </TD><TD><IMG SRC=3D"http://www.OurOneRate.com/ad/images/spacer.gif" WIDTH= =3D1 HEIGHT=3D95></TD></TR><TR><TD COLSPAN=3D3><IMG SRC=3D"http://www.Fami= lyOneRate.com/ad/images/long-distance_07.gif" WIDTH=3D600 HEIGHT=3D53></TD= ><TD><IMG SRC=3D"http://www.OneRateNow.com/ad/images/spacer.gif" WIDTH=3D1= HEIGHT=3D53></TD></TR></TABLE><div align=3D"center"><b><font face=3D"Verd= ana, Arial, Helvetica, sans-serif" size=3D"1">Please <a href=3D"http://opt= -out.opmnet.net">click here</a> if you wish to be removed from this mailin= g list</font></b></div></BODY></HTML>
Comment 1•22 years ago
|
||
Edit > Preferences > Advanced > Scripts & Plugins disable plugins in mail. Why the mail people put this pref there, I have no clue.
Assignee: naving → racham
Component: Filters → Account Manager
QA Contact: laurel → nbaca
Comment 2•22 years ago
|
||
You can disable plugins for mailnews and if you want to disable all remote loading (which includes plugins) you mean bug 28327 *** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•