Closed
Bug 244593
Opened 20 years ago
Closed 20 years ago
Pref to disable loading of external objects in Mozilla Mail
Categories
(MailNews Core :: Backend, enhancement)
MailNews Core
Backend
Tracking
(Not tracked)
People
(Reporter: bugzilla, Assigned: sspitzer)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7) Gecko/20040514 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7) Gecko/20040514 Now there are 3 prefs which can help user to keep his privacy during reading mails. javascript.allow.mailnews mailnews.message_display.allow.plugins mailnews.message_display.disable_remote_image But this is not sufficient. If the user receives HTML mail with tag like <iframe src="http://www.example.com/?userid=43943847384783"></iframe>, the iframe is loaded and the user can be still identified (his IP address, OS, time when he read this mail etc.) Similar problem is for tag <link rel="stylesheet" href="http://www.example.com/?userid=43943847384783"> You can even use external protocols like <img src="rlogin://www.mozilla.org:80"> (see bug #167475). If we want to keep user privacy, there should be some global pref e.g. mailnews.message_display.disable_remote_objects, which will prevent loading all external objects (like iframes, *.css etc.). Reproducible: Always Steps to Reproduce:
*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
For the iframe issue see Bug 243306.
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•