Closed Bug 367372 Opened 18 years ago Closed 18 years ago

Do not download images in newsgroups by default

Categories

(Thunderbird :: Mail Window Front End, defect)

Product:
Thunderbird
Component:
Mail Window Front End
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: u49640, Assigned: mscott)

References

(
URL
)

Details

(Keywords: privacy)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Build Identifier: Version 1.5.0.9 (20061207) the spam linked above posted the following content: Path: vietwist00.chello.at!newsfeed02.chello.at!newsfeed01.chello.at!newsfeed.arcor.de!newsfeed.kamp.net!newsfeed.kamp.net!213.239.142.2.MISMATCH!feed.xsnews.nl!border-1.ams.xsnews.nl!192.87.166.29.MISMATCH!txtfeed2.tudelft.nl!tudelft.nl!txtfeed1.tudelft.nl!news.glorb.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!pd7cy1no!pd7cy2no!shaw.ca!pd7urf1no.POSTED!53ab2750!not-for-mail X-Trace-PostClient-IP: 68.146.240.32 From: (deleted) Newsgroups: de.comp.sys.mac.lokale-netze Subject: Testing X-Newsreader: Mozilla/4.0 (comp4tible; MSIE 5.0; Windows BS; Zbinladen Poster) Content-Type: text/html Lines: 26 Message-ID: <hKgrh.688245$R63.658251@pd7urf1no> Date: Wed, 17 Jan 2007 03:29:17 GMT NNTP-Posting-Host: 64.59.135.176 X-Complaints-To: abuse@shaw.ca X-Trace: pd7urf1no 1169004557 64.59.135.176 (Tue, 16 Jan 2007 20:29:17 MST) NNTP-Posting-Date: Tue, 16 Jan 2007 20:29:17 MST Organization: Shaw Residential Internet Xref: newsfeed02.chello.at de.comp.sys.mac.lokale-netze:31991 <HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft DHTML Editing Control"> <TITLE></TITLE> </HEAD> <BODY> <P>Amazing Hot Sexy! Free Videos! <A href="http://(deleted).com">http://(deleted).com</A> Free Images! These videos&nbsp;are hotter than a 3 week crash course in MK-Ultra 90!</P> <P>Al-Zulu<IMG src="http://www.(deleted).com/pics/logobig.gif" border=0></P> <P>&nbsp;</P> </BODY> </HTML> and thunderbird downloaded the image without asking me! Thunderbird should *never* download images in a newsgroup post. It works fine with emails, but not with news posts. this *could* lead to security issues since there *may* be bugs in the image rendering component that *could* be exploited. And it is of course a huge privacy issue (Web Bugs,...) Reproducible: Always Steps to Reproduce: 1. 2. 3.
I'm sure this must have a dupe somewhere. Not a security exploit, nor a secret so clearing the security-sensitive flag.
Group: security
Keywords: privacy
Whiteboard: DUPEME
As of bug 367529 this is not an issue. You now get an image blocked bar. ->WFM
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.