Closed Bug 230274 Opened 21 years ago Closed 20 years ago

iframes should be disabled if remote images are blocked

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 28327

People

(Reporter: lk, Assigned: mscott)

References

(Depends on 1 open bug)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
Build Identifier: Thunderbird 0.4 (20031205)

I have "Block loading of remote images in mail messages" set, and this works
fine.  But I just received an email from the International Herald Tribune (a
daily news email), and got this error after a few seconds:

    The operation timed out when attempting to contact ad.doubleclick.net.

I looked at the HTML source and found this:

<iframe SRC=3D"http://ad.doubleclick.net/adi/newsalert.iht.com;sz=3D468x60;=
ord=3D?" WIDTH=3D468 HEIGHT=3D60 MARGINWIDTH=3D0 MARGINHEIGHT=3D0 HSPACE=3D=
0 VSPACE=3D0 FRAMEBORDER=3D0 SCROLLING=3DNO>
<A HREF=3D"http://ad.doubleclick.net/jump/newsalert.iht.com;sz=3D468x60;ord=
=3D?" TARGET=3D"_top">
<IMG SRC=3D"http://ad.doubleclick.net/ad/newsalert.iht.com;sz=3D468x60;ord=
=3D?" BORDER=3D0 WIDTH=3D468 HEIGHT=3D60></A>
</iframe>

I think the purpose of blocking remote images is to thwart spammers who are
trying to verify valid email addresses by embedding the email address into the
image URL.  Executing iframes or IMG tags within iframes should similarly be
disabled.  More generally, all non-local URL access should be blocked.

Reproducible: Always

Steps to Reproduce:
i think you really want to be using:

View / Message Body As / Simple HTML or Plain Text.

That does what you are looking for.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Yikes!  Not at all, that gets rid of fonts and makes the emails look ugly.  What
is the purpose of the "Block loading of remote images in mail messages" feature?
 Why have it if spammers can just get around the problem with an iframe?  A big
reason why I use Thunderbird is that I can block remote images yet still read
nice-looking HTML mail.  Being forced to look at ugly emails is not a solution
at all.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
See bug 64066.
Probably depends on 64066.
Status: UNCONFIRMED → NEW
Depends on: 64066
Ever confirmed: true
*** Bug 236494 has been marked as a duplicate of this bug. ***
re comment 0-2: then it's a dup of 28327

*** This bug has been marked as a duplicate of 28327 ***
Status: NEW → RESOLVED
Closed: 21 years ago20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.