Closed
Bug 451840
Opened 16 years ago
Closed 16 years ago
downloads remote images when email forwarded
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 263345
People
(Reporter: dcsheppard, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: thunderbird build 2.0.0.16 (20080708)
For security reasons the remote images are not downloaded when the original email is displayed. However, because this was a phishing email I copied it to the appropriate reporting authority but I was shocked to find that the images had been downloaded in the copied email. Surely the remote images should still be blocked?
Reproducible: Always
Steps to Reproduce:
1.Copy email with remote images and forward.
Forward email has images displayed.
2.
3.
Actual Results:
Remote images are downloaded
Expected Results:
Remote images should be blocked
Comment 1•16 years ago
|
||
I'm not able to reproduce this in 2.0.0.16 on Windows. When I forward the message with an external image, a placeholder shows up with the alternate text, but no image, and the web server logs don't show the image as having been retrieved.
Can you try reproducing this with a non-phishing E-Mail? I wonder if the phishing E-Mail is doing something that's tricking the normal image blocking.
This was formerly a problem, but was fixed in bug 263345 by way of bug 330443. SeaMonkey has a similar bug 370552, which may be related.
Whiteboard: closeme 2008-09-11
Reporter | ||
Comment 2•16 years ago
|
||
Because my email server won't accept forwarded mail I actually selected all the email and copied and pasted to a new message. This pasted text showed the blocked images.
Comment 3•16 years ago
|
||
This is what my tests showed:
Actually forwarding or replying via the forward/reply commands do not load remote images. Copying the text into the composer does, however, load remote images. The text copy is most likely copying raw HTML, so the compose window is probably unable to differentiate between "I copied this from my browser", "I copied this from an email", and "I copied this from an email with remote images blocked.
Disabling remote images in compose for new types (compose disables for all but new compositions, unless overridden) is probably worse than enabling it.
In any case, the original specification of the bug, in email forwarding, is a duplicate of bug 263345.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Whiteboard: closeme 2008-09-11
You need to log in
before you can comment on or make changes to this bug.
Description
•