Closed
Bug 547568
Opened 15 years ago
Closed 15 years ago
Spammers can force thunderbird to show inline porn images.
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 322533
People
(Reporter: dosergio, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: 20090605 up to the current version 3.0
I received some messages (spam) coming from porn advertisers.
And they are succeeding in loading their images without Thunderbird blocking them, as Thunderbird usually does in other messages.
Reproducible: Always
Steps to Reproduce:
I will paste here part of the message source code for you to analyze.
They load the image in a different section of the message, and put it as the image source with a cid: identifier!
-----------------------------------------------------------------------------
MIME-Version: 1.0
Content-Type: Multipart/related;
  type="multipart/alternative";
  boundary="------------C2318E1B.78010102"

--------------C2318E1B.78010102
Content-Type: Multipart/Alternative;
  boundary="------------F7B0B2DD.2B5F7913"

--------------F7B0B2DD.2B5F7913
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--------------F7B0B2DD.2B5F7913
Content-Type: Text/HTML;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<body>
snowshine platerer unappreciable hyperphysically=2E typobar overleaf, na=
to uncurling, nontrunked independentism ramets harmed
kistfuls archipelagoes<br>
<img src=3D"cid:103C0EED=2EB1800F91"><br>
foreordains opulency indecomposableness summerize=2E upcountry filesave,=
instates blurts, subtrochanteric=2E<br>
</body>
</html>
--------------F7B0B2DD.2B5F7913--

--------------C2318E1B.78010102
Content-Type: image/png;
  name="vasiferous.png"
Content-Transfer-Encoding: base64
Content-ID: <103C0EED.B1800F91>

iVBORw0KGgoAAAANSUhEUgAAAIcAAADwCAMAAAAdHodBAAADAFBMVEVcRTiyl4f5//1OS0mI
alSpjHiqyLyx0MvU0NCLpZxscm7St6oxLCt0jYxLNCvgyrp4ZVPt1suahXLs//7a/v0LDAqY
(.....)
Actual Results:
Thunderbird loads and shows offensive images without detecting and blocking them.
Expected Results:
Thunderbird should detect the trick, block the images and show a "Show Images" button.
I have tested even in the most recent version (3.0), and the problem of the porn images being shown in the message without Thunderbird detecting and blocking them remains.
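Added example, not part of the original report and not Thunderbird code: a mail-filter-side check in Python that lists the attached images an HTML part displays through cid: references, which is the case remote-image blocking does not cover because nothing is fetched from the network. The sample message, its boundaries and the function name embedded_cid_images are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from urllib.parse import unquote

# Constructed sample modelled on the structure in the report (placeholder image data).
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="OUTER"

--OUTER
Content-Type: multipart/alternative; boundary="INNER"

--INNER
Content-Type: text/plain; charset="iso-8859-1"

--INNER
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html><body>filler text<br>
<img src=3D"cid:AAAA0001=2EBBBB0002"><br>
<img src=3D"http://images.example.invalid/remote.png">
</body></html>
--INNER--
--OUTER
Content-Type: image/png; name="sample.png"
Content-Transfer-Encoding: base64
Content-ID: <AAAA0001.BBBB0002>

iVBORw0KGgo=
--OUTER--
"""

CID_REF = re.compile(r"""src\s*=\s*["']?cid:([^"'\s>]+)""", re.I)

def embedded_cid_images(raw):
    """Return (content-id, content-type, filename) for each attached image
    that an HTML part pulls in through a cid: URL."""
    msg = message_from_bytes(raw, policy=policy.default)
    referenced, by_cid = set(), {}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            # get_content() undoes quoted-printable, so "=2E" is already "."
            referenced.update(unquote(c) for c in CID_REF.findall(part.get_content()))
        elif part.get_content_maintype() == "image" and part["Content-ID"]:
            by_cid[part["Content-ID"].strip().strip("<>")] = (ctype, part.get_filename())
    return [(cid, *by_cid[cid]) for cid in sorted(referenced) if cid in by_cid]
```

A filter can apply the same hold-back policy to any message where this list is non-empty and the message is already classified as junk.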
Updated•15 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
Status: RESOLVED → VERIFIED