Closed Bug 266462 Opened 20 years ago Closed 20 years ago

external/remote css is always loaded, unlike images. (loophole in the so called privacy protection)

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 28327

People

(Reporter: janklopper, Assigned: mscott)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10.1

If i send myself an email with a css stylesheet functioning as a web-bug.
The images are blocked like they should to make sure any webbugs are disabled
untill a users clicks the button view images.
But the external css (which might also contain a webbug) just gets loaded, 
I think we should change the button from load images to load external files,
although external files might be harder for the users to understand.


Reproducible: Always
Steps to Reproduce:
1.Load a html mail with an external css stylesheet
2.use the css stylesheet as a webbug (calling to dynamic script storing the view
and perhaps the email adres it got called from)
3.notice the call to the css stylesheet file

Actual Results:  
i can register if the email is opened (and if i code the webbug right, i can
also see which email adres has done so)

Expected Results:  
disabled the external css, untill the users presses the button show images. and
actually protect the privacy.

*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.