Closed Bug 218627 Opened 22 years ago Closed 22 years ago

MailNews client downloads remote content such as ShockwaveFlash embedded in HTML mails

Categories

(MailNews Core :: Security, enhancement)

x86
Windows 2000
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 28327

People

(Reporter: kxr, Assigned: sspitzer)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827 Spam containing the HTML... <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" WIDTH="540" HEIGHT="275" id="form" ALIGN=""><PARAM NAME="movie" VALUE="http://www.cooltvoffers.net/order/flash/iv/ft/form-ft01.swf?Host=cooltvoffers&clid=1&gid=FT01&CID=103463"><PARAM NAME="menu" VALUE="false"><PARAM NAME="quality" VALUE="high"><PARAM NAME="bgcolor" VALUE="#FFFFFF"><EMBED src="http://www.cooltvoffers.net/order/flash/iv/ft/form-ft01.swf?Host=cooltvoffers&clid=1&gid=FT01&CID=103463" quality="high" bgcolor="#FFFFFF" WIDTH="540" HEIGHT="275" NAME="form" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT> ...displays the damn movie, even though I have ticked the "Do not load remote images in mail and newsgroup messages" (presumeably because it is simply throwing away <img>...</img> tags). However, any download can be used by spammers to verify that the mail is being received by an active mail account. I would have though that this option should be replaed (or added to) with a "don't download *any* content..." option. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Edit > Preferences > Advanced > Scripts & Plugins disable plugins in mail. If you want to disable all remote loading (which includes plugins) this is bug 28327 *** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.