Closed
Bug 344724
Opened 18 years ago
Closed 16 years ago
Thunderbird Options window should discourage users from enabling JavaScript
Categories
(Thunderbird :: Preferences, enhancement)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 453943
People
(Reporter: jruderman, Unassigned)
Details
JavaScript in mail is arguably more dangerous than JavaScript in web pages, because of the possibility of worms when a hole is known. So dveditz and I think that maybe Thunderbird's Options window should have text discouraging users from enabling JavaScript. Just relying on most people not opening the Options window, and most people not having a reason to enable JavaScript, might not be sufficient to prevent the spread of worms. Consider a message that ends with "You must have JavaScript enabled to see the rest of this message", for example. Or perhaps there are communities where lots of users have JavaScript enabled in mail, and worms could spread within those communities.
Comment 1•18 years ago
|
||
Why not just remove the UI altogether, and maybe have a way to enable JS on a per-message basis?
Updated•16 years ago
|
Assignee: mscott → nobody
Comment 2•16 years ago
|
||
As of Thunderbird 2, there is no GUI (besides about:config) anymore. But I would recommend removing the pref altogether, further reducing the attack surface of Thunderbird - a significant portion of vulnerabilities are purely theoretical until one enables JS in Thunderbird. What are the legitimate use cases for JavaScript in mail, anyway? How do other mail clients handle this?
Comment 3•16 years ago
|
||
(In reply to comment #2) > I would recommend removing the pref altogether, further reducing the attack > surface of Thunderbird - a significant portion of vulnerabilities are purely > theoretical until one enables JS in Thunderbird. It seems this will be done some way or another, see bugs 453943 and 453928.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•