Allow user to set a policy to limit messages from accessing external sites

VERIFIED DUPLICATE of bug 28327

Status

VERIFIED DUPLICATE of bug 28327
18 years ago
10 years ago

People

(Reporter: ilya.konstantinov+future, Assigned: security-bugs)

Tracking

Trunk
x86
Linux

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

18 years ago
Cause:
HTML messages can embed various media and data items (via IMG, OBJECT, LINK etc.
tags) from external sites. Major mailings commonly employ this technique to
minimize the size of the mail message by not embedding the graphical items, but
this technique can also allow unauthorized return of a "delivery notification",
especially to spammers. The HTML message could trigger an HTTP request to a
distant server with a unique ID. By this ID, the unsolicited mailer could know
which of his mail gets read (and even more - by which mailer software) and tag
the email address for sending further mail.

Solution:
It's not up to me to decide whether this would be disabled by default (since it
might confuse novice users), but advanced users should be granted to an option
to disable HTTP access from mail messages and to manually allow certain mail
addresses to do external site access. For example, upon receiving a mailing from
Lycos or Infobeat, the user would add their addresses to allow external site
access in mail origing from them.

Comment 1

18 years ago
I think this is a duplicate.

Comment 2

18 years ago

*** This bug has been marked as a duplicate of 28327 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE

Comment 3

18 years ago
Marking VERIFIED DUPLICATE.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.