Closed
Bug 218627
Opened 22 years ago
Closed 22 years ago
MailNews client downloads remote content such as ShockwaveFlash embedded in HTML mails
Categories
(MailNews Core :: Security, enhancement)
Tracking
(Not tracked)
People
(Reporter: kxr, Assigned: sspitzer)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5b) Gecko/20030827
Spam containing the HTML...
<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"
WIDTH="540" HEIGHT="275" id="form" ALIGN=""><PARAM NAME="movie"
VALUE="http://www.cooltvoffers.net/order/flash/iv/ft/form-ft01.swf?Host=cooltvoffers&clid=1&gid=FT01&CID=103463"><PARAM
NAME="menu" VALUE="false"><PARAM NAME="quality" VALUE="high"><PARAM
NAME="bgcolor" VALUE="#FFFFFF"><EMBED
src="http://www.cooltvoffers.net/order/flash/iv/ft/form-ft01.swf?Host=cooltvoffers&clid=1&gid=FT01&CID=103463"
quality="high"
bgcolor="#FFFFFF" WIDTH="540" HEIGHT="275" NAME="form" ALIGN=""
TYPE="application/x-shockwave-flash"
PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT>
...displays the damn movie, even though I have ticked the "Do not load remote
images in mail and newsgroup messages" (presumeably because it is simply
throwing away <img>...</img> tags).
However, any download can be used by spammers to verify that the mail is being
received by an active mail account. I would have though that this option should
be replaed (or added to) with a "don't download *any* content..." option.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1•22 years ago
|
||
Edit > Preferences > Advanced > Scripts & Plugins
disable plugins in mail.
If you want to disable all remote loading (which includes plugins)
this is bug 28327
*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•21 years ago
|
Product: MailNews → Core
Updated•17 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•