|
|
BugTraq
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 06:59PM Renaud Lifchitz (r lifchitz sysdream com) (2 replies) Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 11:57PM Steve Shockley (steve shockley shockley net) Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:17PM Daniel Veditz (dveditz cruzio com) (4 replies) Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Mar 01 2006 02:35AM Daniel Veditz (dveditz cruzio com) Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:57PM Renaud Lifchitz (r lifchitz sysdream com) Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:34PM Daniel Veditz (dveditz cruzio com) |
|
Privacy Statement |
> Once a user has pressed the "Show Images" button--not the best label
> since it covers all remote content--that state is stored in the mailbox
> metadata/index file (.msf) and the remote content will then be loaded on
> future viewings.
Hmmm. I didn't realise the "Show Images" setting got stored, and I
don't think that's the best strategy from a privacy point of view. I
take it you mean "stored for that one message", and not "stored for
all messages from that sender", or "stored for all messages" - but
still .... it would be better to not store it at all, IMHO. Users can
always add senders to their Address Book if they want to evade the
"block-images" feature.
How about displaying more option buttons when remote images have been blocked ?
e.g. :
Show remote images this time only
Always show remote images when this message is viewed
Always show remote images from this sender
Always show remote images
Nick Boyce
--
Never fdisk after midnight
[ reply ]