Closed Bug 244593 Opened 20 years ago Closed 20 years ago

Pref to disable loading of external objects in Mozilla Mail

Categories

(MailNews Core :: Backend, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 28327

People

(Reporter: bugzilla, Assigned: sspitzer)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7) Gecko/20040514
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.7) Gecko/20040514

Now there are 3 prefs which can help user to keep his privacy during reading mails.

javascript.allow.mailnews
mailnews.message_display.allow.plugins
mailnews.message_display.disable_remote_image

But this is not sufficient. If the user receives HTML mail with tag like <iframe
src="http://www.example.com/?userid=43943847384783"></iframe>, the iframe is
loaded and the user can be still identified (his IP address, OS, time when he
read this mail etc.)

Similar problem is for tag <link rel="stylesheet"
href="http://www.example.com/?userid=43943847384783"> 
You can even use external protocols like <img src="rlogin://www.mozilla.org:80">
 (see bug #167475).

If we want to keep user privacy, there should be some global pref e.g.
mailnews.message_display.disable_remote_objects, which will prevent loading all
external objects (like iframes, *.css etc.).

Reproducible: Always
Steps to Reproduce:

*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
For the iframe issue see Bug 243306.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.