Closed Bug 264828 Opened 20 years ago Closed 20 years ago

Remote IFRAMES in html-coded email are loaded

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 28327

People

(Reporter: bugreport, Assigned: mscott)

Details

Running GFI Software's email vulnerability tests, both Thunderbird 0.8 and
Mozilla 1.7.3 will load and attempt to open an IFRAME in an html-coded email. 
In both cases, image loading was disabled.

------=_NextPart_000_001D_01C1FC09.DE06D720
Content-Type:  text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<IFRAME src="http://www.gfisoftware.com/emailsecuritytest/exploit/sf.plx" 
width=0 height=0> </IFRAME>
No need for confidentiality, the bad guys know this one already.

This was supposed to be fixed, but it appears the fix only worked in thunderbird.

*** This bug has been marked as a duplicate of 28327 ***
Group: security
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.