BugTraq
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 06:59PM
Renaud Lifchitz (r lifchitz sysdream com) (2 replies)
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 11:57PM
Steve Shockley (steve shockley shockley net)
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:17PM
Daniel Veditz (dveditz cruzio com) (4 replies)
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Mar 01 2006 08:23PM
Nick Boyce (nick boyce gmail com) (1 replies)
On 2/28/06, Daniel Veditz <dveditz (at) cruzio (dot) com [email concealed]> wrote:

> Once a user has pressed the "Show Images" button--not the best label
> since it covers all remote content--that state is stored in the mailbox
> metadata/index file (.msf) and the remote content will then be loaded on
> future viewings.

Hmmm. I didn't realise the "Show Images" setting got stored, and I
don't think that's the best strategy from a privacy point of view. I
take it you mean "stored for that one message", and not "stored for
all messages from that sender", or "stored for all messages" - but
still .... it would be better to not store it at all, IMHO. Users can
always add senders to their Address Book if they want to evade the
"block-images" feature.

How about displaying more option buttons when remote images have been blocked ?
e.g. :
Show remote images this time only
Always show remote images when this message is viewed
Always show remote images from this sender
Always show remote images

Nick Boyce
--
Never fdisk after midnight

[ reply ]
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:57PM
Renaud Lifchitz (r lifchitz sysdream com)


 

Privacy Statement
Copyright 2010, SecurityFocus