[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities

On 2/28/06, Daniel Veditz <dveditz@xxxxxxxxxx> wrote:

> Once a user has pressed the "Show Images" button--not the best label
> since it covers all remote content--that state is stored in the mailbox
> metadata/index file (.msf) and the remote content will then be loaded on
> future viewings.

Hmmm. I didn't realise the "Show Images" setting got stored, and I
don't think that's the best strategy from a privacy point of view.  I
take it you mean "stored for that one message", and not "stored for
all messages from that sender", or "stored for all messages" - but
still .... it would be better to not store it at all, IMHO.  Users can
always add senders to their Address Book if they want to evade the
"block-images" feature.

How about displaying more option buttons when remote images have been blocked ?
e.g. :
    Show remote images this time only
    Always show remote images when this message is viewed
    Always show remote images from this sender
    Always show remote images

Nick Boyce
Never fdisk after midnight