Open Bug 565670 Opened 14 years ago Updated 2 years ago

Information disclosure when using notifications and xscreensaver

Categories

(Thunderbird :: OS Integration, defect)

x86_64
Linux
defect

Tracking

(Not tracked)

REOPENED

People

(Reporter: sochotnicky, Unassigned)

References

Details

(Keywords: privacy)

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.5.9-2.fc12 Firefox/3.5.9 Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.4 When using notifications for incoming emails thunderbird apparently places them on top of all windows, even above screensaver. This is fine during normal execution, but should be disabled when xscreensaver is visible, because information about last unread emails can be disclosed. Reproducible: Always Steps to Reproduce: 1. Turn on email notifications in preferences (on by default) 2. Start xscreensaver and wait until it turns on (or turn it on manually with xscreensaver-command -lock) 3. Send email to set-up account from another computer 4. Watch monitor Actual Results: Notification about incoming email and last unread emails is shown on top of xscreensaver even though screen is locked. Expected Results: No notification should be shown. I can see 2 solutions: 1. Turn off notifications while screen saver is running 2. Make notifications appear on lower level (not on-top)
Component: Security → OS Integration
Keywords: privacy
QA Contact: thunderbird → os-integration
See Also: → 135563
Dimitris, can you reproduce this?
Flags: needinfo?(dimitrisglaros)
Theo, is this something you can test?
Flags: needinfo?(dimitrisglaros) → needinfo?(theo)
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #2) > Theo, is this something you can test? Unfortunately I can’t be of much help here, I’m using macOS these days, and notifications on lockscreen are a feature there
Flags: needinfo?(theo)
Walt, can you test?
Flags: needinfo?(schw01)
Yes, I can. I installed xscreensaver and set it to start after 2 minutes. Set my POP and IMAP accounts to check for mail every five minutes. Sent an email from each account to the other using Thunderbird 52.0b3 on Ubuntu 16.04 LTS. Let the screensaver activate. The Notification appeared on top of the screensaver when the accounts received the mail.
Flags: needinfo?(schw01)
Walt, thanks for testing
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #6) > Walt, thanks for testing Hmm, did you accidentally close as WORKSFORME? I read the test as confirming my original bugreport - i.e. the notifications appear above the screensaver - I am asserting they should not do that.
(In reply to Stanislav Ochotnicky from comment #7) > (In reply to Wayne Mery (:wsmwk, NI for questions) from comment #6) > > Walt, thanks for testing > > Hmm, did you accidentally close as WORKSFORME? I read the test as confirming > my original bugreport - i.e. the notifications appear above the screensaver > - I am asserting they should not do that. Sorry, I meant to ask the same question, but got busy with other things and forgot. I did confirm your findings.
Flags: needinfo?(vseerror)
Anyone can reopen a bug :)
Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(vseerror)
Resolution: WORKSFORME → ---
I'll leave this [1] here as a potential starting point for someone to dig into this. [1]: https://www.jwz.org/xscreensaver/faq.html#popup-windows
Severity: normal → S3
See Also: → 1810513
You need to log in before you can comment on or make changes to this bug.