Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclos

from [Nick Boyce] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
Date: Wed, 1 Mar 2006 20:23:12 +0000 
On 2/28/06, Daniel Veditz <dveditz@cruzio.com> wrote:


Once a user has pressed the "Show Images" button--not the best label
since it covers all remote content--that state is stored in the mailbox
metadata/index file (.msf) and the remote content will then be loaded on
future viewings.


Hmmm. I didn't realise the "Show Images" setting got stored, and I
don't think that's the best strategy from a privacy point of view.  I
take it you mean "stored for that one message", and not "stored for
all messages from that sender", or "stored for all messages" - but
still .... it would be better to not store it at all, IMHO.  Users can
always add senders to their Address Book if they want to evade the
"block-images" feature.

How about displaying more option buttons when remote images have been blocked ?
e.g. :
    Show remote images this time only
    Always show remote images when this message is viewed
    Always show remote images from this sender
    Always show remote images

Nick Boyce
--
Never fdisk after midnight
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Evil side of Firefox extensions, Dave Korn
Next by Date:  NCP VPN/PKI Client - various Bugs, Ramon 'ports' Kukla
Previous by Thread:  Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability, Secunia Research
Next by Thread:  Re: [Full-disclosure] Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities, Daniel Veditz
Indexes:  [Date] [Thread] [Top] [All Lists]