Closed Bug 296190 Opened 19 years ago Closed 18 years ago

mailto is automatically opened upon page-visit without javascript enabled

Categories

(Firefox :: File Handling, defect)

Product:
Firefox
Component:
File Handling
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 181860

People

(Reporter: floris, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:dos]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

It is allowed apperantly to have a mailto: url in an img tag. This will
automatically open the default mailclient and starts a new message.

See URL for results. Sometimes it opens 3 mail windows, sometimes 1. 

Since the default mailclient could be anything, a javascript injection could be
possible. In my case, even though I have thunderbird installed as DEFAULT,
Firefox STILL OPENED Outlook Express!

Internet Explorer features the same bug.

Reproducible: Always

Steps to Reproduce:
1. make a page with <img src="mailto:whatever">
2. load page
3.

Actual Results:  
opens a new mail window

Expected Results:  
disallow mailto in passive urls such as images and NOT open a mail window
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:dos]
Group: security

*** This bug has been marked as a duplicate of 181860 ***
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.