Full Disclosure
mailing list archives
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
From: Peter Besenbruch <prb () lava net>
Date: Wed, 01 Mar 2006 10:47:20 -1000
Steve Shockley wrote:
> Renaud Lifchitz wrote:
> > Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
>
> The css part of this "exploit" is actively used by Intellicontact (or
> whatever they call themselves this week), the host of the factcheck.org
> mailing list. For example:
>
> <LINK href=http://mail1.icptrack.com/track/relay.php?r=###&msgid=###&act=####&admin=0&destination=http://www.factcheck.org/styles/subpage_nn.css
> type=text/css rel=stylesheet>
>
> To work around this, set:
>
> user_pref("mailnews.display.html_as", 3);

A value of 1, rendering HTML as text, would be even better, I would
think. A value of 2, simply showing the HTML source, is the safest of
all. I'm not a big fan of HTML in e-mail, sanitized, or otherwise.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
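
The following is an added example, not part of the original post or of any project mentioned in the thread: a small Python check that lists the resources an HTML mail body would fetch on render, such as the remote stylesheet LINK quoted above. The sample message, its addresses, the numeric query values, and the names `RemoteRefFinder` and `remote_fetches` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags a mail client fetches while rendering, with the attribute holding the
# URL. <a href> is deliberately absent: it needs a click, not just a render.
AUTO_FETCH = {"link": "href", "img": "src", "iframe": "src", "script": "src"}

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, host, url) for each render-time fetch

    def handle_starttag(self, tag, attrs):  # tag arrives lowercased
        attr = AUTO_FETCH.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return
        url = (a.get(attr) or "").strip()
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL: nothing a client could fetch
            return
        if parts.scheme in ("http", "https") and parts.hostname:
            self.hits.append((tag, parts.hostname, url))

def remote_fetches(raw_message):
    """Return render-time remote fetches found in all text/html parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.hits

# Constructed sample; r/msgid/act values are placeholders for the ### fields.
SAMPLE = """\
From: newsletter@example.org
Subject: constructed sample
Content-Type: text/html; charset="us-ascii"

<html><head><LINK href=http://mail1.icptrack.com/track/relay.php?r=1&msgid=2&act=3&admin=0&destination=http://www.factcheck.org/styles/subpage_nn.css type=text/css rel=stylesheet>
</head><body><a href="http://www.factcheck.org/">site</a><img src="cid:logo"></body></html>
"""

if __name__ == "__main__":
    for tag, host, url in remote_fetches(SAMPLE):
        print(f"{tag}: fetched from {host} on render -> {url}")
```

On the constructed sample only the stylesheet LINK is reported; the clickable anchor and the `cid:` inline image are not, since neither causes a network request when the message is displayed.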