Closed
Bug 577105
Opened 14 years ago
Closed 14 years ago
Without logging in, you can see and read any messages previously received
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: mark, Unassigned)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
If you click the cancel logon several times, then try to Command-Q quit, there is a small window of time where it is possible to mouse-click an inbox or local folder and then eventually to click or double-click a previously received message and be able to read it. This effectively bypasses the security of the logon - permitting unauthorized persons to read the mail. Each time you Command-Q while the logon prompt is up, there is a small window of time to do this before the logon prompt appears again. As an aside, you should be able to Command-Q and actually quit instead of sending the logon prompt again.
Reproducible: Always
Steps to Reproduce:
1. Click CANCEL on logon prompt several times.
2. Do a Command-Q to quit and quickly mouse-click a folder or message - repeat until you get to a previously downloaded message.
3. Do a Command-Q to quit and quickly double-click a message - this will open the message in the "reader" window so that you can read it.
Actual Results:
I was able to bypass the logon security and read messages previously received and stored in local folders - messages that should be secured.
Expected Results:
It should not be possible to read anything (mail - even folder names) until the logon security has been satisfied and completed successfully.
Comment 1•14 years ago
See bug 547436 comment 1. The Master Password feature only protects your mail credentials, not the messages themselves. You shouldn't rely on it to prevent people from reading already-downloaded messages.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE