Closed Bug 74308 Opened 24 years ago Closed 18 years ago

[RFE] Mozilla should not allow Bcc: header setting by mailto: url

Categories

(MailNews Core :: Composition, enhancement)

Product:
MailNews Core
Component:
Composition
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID
Milestone:
Future

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

Mozilla allows the Bcc header to be set by a mailto: URL. The mailto spec recommends against this, though I don't entirely understand why. The spec says: A mail client should never send anything without complete disclosure to the user of what is will be sent; it should disclose not only the message destination, but also any headers. Unrecognized headers, or headers with values inconsistent with those the mail client would normally send should be especially suspect. MIME headers (MIME- Version, Content-*) are most likely inappropriate, as are those relating to routing (From, Bcc, Apparently-To, etc.) (http://www.ietf.org/rfc/rfc2368)
Marking NEW.
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Mozilla allows Bcc header to be set by mailto: URL → [RFE] Mozilla should not allow Bcc: header setting by mailto: url
Status: NEW → ASSIGNED
Target Milestone: --- → Future
Keywords: mozilla1.0.1
Keywords: mozilla1.0.1mozilla1.2
Keywords: mozilla1.2mozilla1.3
Product: MailNews → Core
I'm not sure what exposure exists any more - AFAIK all header information is displayed for both suite and TB.
Assignee: ducarroz → nobody
Status: ASSIGNED → NEW
QA Contact: esther
at mail composition and send time we show all those headers? I'm not sure if that's true or not...if we did, I think this would be OK.
invalid based on comment 2 and comment 3
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.