Closed Bug 242232 Opened 21 years ago Closed 21 years ago

Message lists displayed before password is entered; should not be displayed to prevent snooping.

Categories

(Thunderbird :: Mail Window Front End, defect)

x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 318697

People

(Reporter: loup-bugzilla, Assigned: mscott)

Details

User-Agent: Opera/7.23 (Windows NT 5.0; U) [en]
Build Identifier: 20040207

When starting Thunderbird 0.5, the message list for the INBOX folder is shown before the password is entered. Even if the password is not entered, I can still click on other folders and get message lists displayed. Although I cannot open messages without entering a password, I would not want just anyone to be able to see even the message subjects and recipients/senders either. No message information should be shown until the user is authenticated.

Reproducible: Always

Steps to Reproduce:
1. Start Mozilla Thunderbird.
2. Message list is shown behind the "Enter your password" box.
3. Click "Cancel" on the password box.
4. Message list is still visible.
5. Click on other folders (the folder list also should not be visible without a password). If the folder had been viewed in a previous authenticated session, then the folder will display a list of messages for anyone to see.

Actual Results: The list of messages in my folders was visible.

Expected Results: No message information should be shown until the user is authenticated. The message list should be blank. Even the folder list should not be shown.

No special information. This occurs under both Win XP and Win 2000.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
mscott@mozilla.org pointed me to http://texturizer.net/thunderbird/tips.html#beh_imappassword. This was somewhat helpful, but it does not tell me what file to put the given text lines into. Please tell me which file I am supposed to type this into. I tried putting it in "security-prefs.js", but that didn't change anything. Also, why is this not default behaviour? Why does it require editing config files to gain this basic level of security? Will this be changed/added as a config option by version 1.0?
Resolution: INVALID → DUPLICATE