hardening thunderbird/mailnews via configuration

VERIFIED WONTFIX

Status

Thunderbird
Security
--
enhancement
VERIFIED WONTFIX
12 years ago
9 years ago

People

(Reporter: georgi - hopefully not receiving bugspam, Assigned: dveditz)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sge:nse])

i believe that the following 2 configuration options significantly reduce
html/xbl/javascript attacks in thunderbird/seamonkey mail:

1. view -> message body as -> plaintext
2. mail.html_compose = false; mail.identity.default.compose_html=false

in addition 3:
remove the user interface option "allow javascript/plugins" in mailnews.

obviously these options have a cost (C) - nice features like 'color: pink;'
'font-size: 30;', <blink>, <marquee> and others will stop working.

imho some of the users will be ready to pay (C) for some extra security,
some will not - users have a choice. probably a poll on this issue on some
community site will give some statistics.

so propose the following:
make 1 and 2 default options with instructions/ui option for reverting them

and/or

document this stuff at least on:
http://www.mozilla.org/security/
Tips for Using Email Securely
(Reporter)

Updated

11 years ago
Whiteboard: [sge:nse]
marking this [sge:nse]

David, Brian any thoughts on what we will do for TB 3.0?

(In reply to comment #0)
> i believe that the following 2 configuration options significantly reduce
> html/xbl/javascript attacks in thunderbird/seamonkey mail:
> 
> 1. view -> message body as -> plaintext

I guess this would be more secure than Simple HTML, but I thought Simple was a white list and therefore likely to be fairly secure and still allow for regular font and color choices to come through.

> 2. mail.html_compose = false; mail.identity.default.compose_html=false

I'm not sure how this makes things more secure, I don't see how writing HTML emails opens a person up to attack.

>> 2. mail.html_compose = false; mail.identity.default.compose_html=false

>I'm not sure how this makes things more secure, I don't see how writing HTML
>emails opens a person up to attack.

there were real exploits with "reply to/forward inline" - editor renders malicious stuff supplied by an attacker.

another exploit possibility is "mailto:" URI.

Comment 5

9 years ago
I think this would be sacrificing ux way too much to be worth it. 
Besides, it needs to be secure for all users, not just the ones that want to view html mails the way they were intended. (Simple HTML also has various quirks...)

WONTFIX?
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → VERIFIED
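
An added example, not part of the original report or of Thunderbird's code: a Python check of a profile's prefs.js for the settings proposed in the description. The two `mailnews.display.*` names (for item 1) and the per-identity `mail.identity.<id>.compose_html` pattern are assumptions that do not appear in the bug, and the sample profile is constructed.

```python
import re

# One user_pref("name", value); line as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
# Per-identity overrides of the default (name pattern is an assumption).
IDENTITY_RE = re.compile(r"^mail\.identity\.(?!default\.)[^.]+\.compose_html$")
# The first two names are from the report. The mailnews.display.* pair is an
# assumption about what "View -> Message Body As -> Plain Text" stores.
WANTED = {
    "mail.html_compose": False,
    "mail.identity.default.compose_html": False,
    "mailnews.display.prefer_plaintext": True,
    "mailnews.display.html_as": 1,
}

def parse_prefs(text):
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    prefs = parse_prefs(text)
    findings = []
    for name, want in WANTED.items():
        if name not in prefs:
            # Not written to the profile, so the built-in default decides.
            findings.append((name, "unset"))
        elif (type(prefs[name]), prefs[name]) != (type(want), want):
            findings.append((name, "mismatch"))
    for name, value in prefs.items():
        # An identity that re-enables HTML compose undoes item 2 for that account.
        if IDENTITY_RE.match(name) and value is not False:
            findings.append((name, "identity override"))
    return sorted(findings)

# Constructed sample profile, not taken from the bug report.
SAMPLE = """\
user_pref("mail.html_compose", false);
user_pref("mail.identity.default.compose_html", false);
user_pref("mail.identity.id1.compose_html", true);
user_pref("mailnews.display.html_as", 3);
"""
```

Calling `audit()` on the text of a real profile's prefs.js returns an empty list only when all four values are set as wanted and no identity turns HTML compose back on.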