Closed Bug 371482 Opened 17 years ago Closed 15 years ago

Thunderbird respond invisible link

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: mozilla.admin, Assigned: dveditz)

Details

(Keywords: privacy, Whiteboard: closeme 2009-02-20) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier: All version

When reading emails, thunderbird does not load remote images by default; however, when you respond or forward these emails, thunderbird automatically load remote images, which is extremely insecure and may inform the remote hackers to compromise user operating system and make users lose data.

Thunderbird, unlike webmail, cannot defend invisible link. There is a kind of emails contain "attachment" which is not actually attachment. When you read the email, the attachment immediately vanished and informed the remote hacker or spammers or some companies that you are reading these emails. At this time, you will find the "attachment" vanished and does not exist. Webmails like Yahoo! can defend this kind of malicious emails while thunderbird is unable to.

Please go to https://www.novell.com/ICSLogin/?%22http://www.novell.com/%22 to register an account and Novell will send you such a malicious email.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
They didn't seem to send me a mail when I signed up.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Thunderbird, unlike webmail, cannot defend invisible link. There is a kind of
emails contain "attachment" which is not actually attachment. When you read the
email, the attachment immediately vanished and informed the remote hacker or
spammers or some companies that you are reading these emails. At this time, you
will find the "attachment" vanished and does not exist. Webmails like Yahoo!
can defend this kind of malicious emails while thunderbird is unable to.

Please go to https://www.novell.com/ICSLogin/?%22http://www.novell.com/%22 to
register an account and Novell will send you such a malicious email.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Summary: Load remote image and respond invisible link → Thunderbird respond invisible link
Actually, I want to state invisible link issues. When I paste my statement to this website, I do not know why I also put paste remote image issue with invisible link together causing confusion. Right now, it is clear.
what version(s) did you test this with?
Keywords: privacy
All version thunderbird has this problem. From thunderbird 1.5 I reported half a year ago to thunderbird 2.0.
Using "Add an attachment", please attach an email file (.eml) which demonstrates the problem. Feel free to remove personal identifying information.  Thanks.
Whiteboard: closeme 2009-02-20
RESO INCO per lack of response to last question. If you think this change was made in error, please respond with your reasons why to this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago15 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.