Closed Bug 295650 Opened 20 years ago Closed 16 years ago

invalid from header could bypass remote image blocker

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: mscott, Unassigned)

Details

Found this interesting post in mozilla zine but I haven't tried it out yet:

While it works fine when the "From" address is valid, I have received junk mail with
From: "ALU OPRITTEN" <>
in the message header and a remote image link in the body. The image is
displayed even though this invalid address does not appear in my Personal
Address Book. If I uncheck the option
Allow remote images if the sender is in my: Personal Address Book
The image is not displayed any more.
Target Milestone: --- → Thunderbird1.1
I replaced several messages to have a From header of:
"ALU OPRITTEN" <>

and was unable to reproduce this problem. We still blocked the remote images
from loading. Maybe you have an empty address book card in your AB or something?


xref bug 232388 -- patch at bug 202169.
moving off the 1.1 list since I was unable to reproduce this.
Target Milestone: Thunderbird1.1 → ---
QA Contact: front-end
Assignee: mscott → nobody
Component: Mail Window Front End → Security
Keywords: qawanted
QA Contact: front-end → thunderbird
WFM per comment 3, and no testcase.
resolving WFM
Status: NEW → RESOLVED
Closed: 16 years ago
Keywords: qawanted
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.