Closed Bug 321846 Opened 20 years ago Closed 19 years ago

Security: Deleting a junk mail opens other junk mails

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 209748

People

(Reporter: gorgonz, Assigned: mscott)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8) Gecko/20051111 Firefox/1.5 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8) Gecko/20051111 Firefox/1.5 I'm using imap, but i remember that i also saw this with pop3. If you mark an email as junk, then it is deleted as wanted, but as next step another junk mail is selected and opened for preview Reproducible: Always Steps to Reproduce: 1. Set preferneces of manually marked junk to: delete it immediatelly 2. I'm using an imap account at web.de that collects junk in a folder "Unerwünscht" 3. get new messages for your mail account 4. select folder "Unerwünscht" 5. You see a mixture of mails, part of it marked as junk by junk control (None is selected nore shown as preview) -> great! 6. select a mail of kind 'no junk' in the column 'junk status' Actual Results: The email is deleted -> correct The next (junk-)email gets selected and is previewed Expected Results: A mail, that has status junk, should not be previewed! Especially since the new worm 'wmf-exploit', there should be a careful handling with security features. I would call it a blocker, but I leave the decision to the community
Some note concerning the version. Installed 1.5 RC1. Since publication of RC2, iI tried a view time to activate update in thunderbird, but no update was found.
Related to bug 323794 -> Core bug 209748?
I agree with the reportert of that bug. I'd raise the severity from "normal" to "major" or even "critical". Marking a mail as junk which has not been detected and moved automaticaly moves that mail to the junk folder. If you have another mail open in preview, lets say a non junk mail, the currently selected row (not mail!) remains the same in the message list when the junk mail is moved out. Therefore the list gets shorter and another mail is openend in preview - one which might be ok to open or not. If no message was selected before the foxus jumps to the first mail in the message list. From the behaviour I observe I'd say that the state of the currently opened mail is kept as the row number in the message list. The problem is that as soon as you open a mail which was not recognized as junk all the included remote items are loaded which reports back to the spammer that you openend the mail and hence validates your address. Recommended behaviour: The currently selected mail should remain selected if junk mail is moved out. If no mail was selected before, none should be selected after. Please raise the severity, change status to confirmed and change OS to "All"
The dupe has been fixed. It is still possible for other actions to open a junk message -- for instance, if you delete a message and the next message in the list is This is *not* a security issue, however. Thunderbird does not run executable attachments, and by default it does not run scripts. Nor does it load remote images (i.e. web bugs) unless the sender is in your white list, but even if it did, that isn't a security issue. *** This bug has been marked as a duplicate of 209748 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.