Closed Bug 367372 Opened 18 years ago Closed 18 years ago

Do not download images in newsgroups by default

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: u49640, Assigned: mscott)

References

(
URL
)

Details

(Keywords: privacy) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Build Identifier: Version 1.5.0.9 (20061207)

the spam linked above posted the following content:

Path: vietwist00.chello.at!newsfeed02.chello.at!newsfeed01.chello.at!newsfeed.arcor.de!newsfeed.kamp.net!newsfeed.kamp.net!213.239.142.2.MISMATCH!feed.xsnews.nl!border-1.ams.xsnews.nl!192.87.166.29.MISMATCH!txtfeed2.tudelft.nl!tudelft.nl!txtfeed1.tudelft.nl!news.glorb.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!pd7cy1no!pd7cy2no!shaw.ca!pd7urf1no.POSTED!53ab2750!not-for-mail
X-Trace-PostClient-IP: 68.146.240.32
From: (deleted)
Newsgroups: de.comp.sys.mac.lokale-netze
Subject: Testing
X-Newsreader: Mozilla/4.0 (comp4tible; MSIE 5.0; Windows BS; Zbinladen Poster)
Content-Type: text/html
Lines: 26
Message-ID: <hKgrh.688245$R63.658251@pd7urf1no>
Date: Wed, 17 Jan 2007 03:29:17 GMT
NNTP-Posting-Host: 64.59.135.176
X-Complaints-To: abuse@shaw.ca
X-Trace: pd7urf1no 1169004557 64.59.135.176 (Tue, 16 Jan 2007 20:29:17 MST)
NNTP-Posting-Date: Tue, 16 Jan 2007 20:29:17 MST
Organization: Shaw Residential Internet
Xref: newsfeed02.chello.at de.comp.sys.mac.lokale-netze:31991

<HTML>
<HEAD>
<META NAME="GENERATOR" Content="Microsoft DHTML Editing Control">
<TITLE></TITLE>
</HEAD>
<BODY>
<P>Amazing Hot Sexy! Free Videos! <A 
href="http://(deleted).com">http://(deleted).com</A> Free Images! These 
videos&nbsp;are hotter than a 3 week crash course in MK-Ultra 90!</P>
<P>Al-Zulu<IMG 
src="http://www.(deleted).com/pics/logobig.gif" border=0></P>

<P>&nbsp;</P>
</BODY>
</HTML>

and thunderbird downloaded the image without asking me!

Thunderbird should *never* download images in a newsgroup post. 
It works fine with emails, but not with news posts.

this *could* lead to security issues since there *may* be bugs in the image rendering component that *could* be exploited.

And it is of course a huge privacy issue (Web Bugs,...)

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
I'm sure this must have a dupe somewhere. Not a security exploit, nor a secret so clearing the security-sensitive flag.
Group: security
Keywords: privacy
Whiteboard: DUPEME
As of bug 367529 this is not an issue. You now get an image blocked bar.
->WFM
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.