Closed
Bug 331906
Opened 18 years ago
Closed 18 years ago
Unicode characters in spam bypass image blocking
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: bugzilla1, Assigned: dveditz)
References
()
Details
Attachments
(1 file)
|
27.95 KB,
message/rfc822
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Build Identifier: Thunderbird version 1.5 (20051201) In some recent spam emails, Unicode characters are used to bypass image blocking to show an image and track users. Reproducible: Always Steps to Reproduce: 1.have image blocking enabled 2.open affected spam message Actual Results: An image appears Expected Results: It should be blocked
Summary: Unicode characters bypass image blocking in spam → Unicode characters in spam bypass image blocking
|
||
Comment 2•18 years ago
|
||
It's not blocked because the image in the attached mail is not a remote image (the only image is inline) -> no privacy concerns.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
(In reply to comment #2) > It's not blocked because the image in the attached mail is not a remote image > (the only image is inline) -> no privacy concerns. > Are you sure? Why doesn't it show up as an attachment?
|
|
||
Comment 4•18 years ago
|
||
Yes I'm sure. Inline images in HTML mails do not (and are not supposed to) show up as attachments. You can easily verfy by sending one to yourself- use Insert -> Image... and choose a gif/jpg/png file.
You need to log in
before you can comment on or make changes to this bug.
Description
•