Bugtraq mailing list archives

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
From: "Nick Boyce" <nick.boyce () gmail com>
Date: Wed, 1 Mar 2006 20:23:12 +0000

On 2/28/06, Daniel Veditz <dveditz () cruzio com> wrote:

> Once a user has pressed the "Show Images" button--not the best label
> since it covers all remote content--that state is stored in the mailbox
> metadata/index file (.msf) and the remote content will then be loaded on
> future viewings.

Hmmm. I didn't realise the "Show Images" setting got stored, and I
don't think that's the best strategy from a privacy point of view.  I
take it you mean "stored for that one message", and not "stored for
all messages from that sender", or "stored for all messages" - but
still .... it would be better to not store it at all, IMHO.  Users can
always add senders to their Address Book if they want to evade the
"block-images" feature.

How about displaying more option buttons when remote images have been blocked?
e.g.:
    Show remote images this time only
    Always show remote images when this message is viewed
    Always show remote images from this sender
    Always show remote images

Nick Boyce
--
Never fdisk after midnight

