BugTraq
Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 06:59PM
Renaud Lifchitz (r lifchitz sysdream com) (2 replies)
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 11:57PM
Steve Shockley (steve shockley shockley net)
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:17PM
Daniel Veditz (dveditz cruzio com) (4 replies)
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Mar 01 2006 08:23PM
Nick Boyce (nick boyce gmail com) (1 replies)
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Mar 02 2006 11:09PM
Daniel Veditz (dveditz cruzio com)
Nick Boyce wrote:
> Hmmm. I didn't realise the "Show Images" setting got stored, and I
> don't think that's the best strategy from a privacy point of view.

It surprised me, too. The threat model was spammers trying to verify
live addresses, and in that model loading a webbug multiple times is no
worse than loading it once. Mail usage spying like the "ReadNotify"
service was apparently not considered.

> I take it you mean "stored for that one message",

Yes, just that one message.

[ reply ]
Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities Feb 28 2006 10:57PM
Renaud Lifchitz (r lifchitz sysdream com)


 

Privacy Statement
Copyright 2010, SecurityFocus