[tor-talk] Thunderbird leak
Al Billings
albill at openbuddha.com
Mon Jan 27 18:56:17 UTC 2014
Yes but you have to choose to view the original html or it doesn’t do anything. So, by default, users will not be automatically exploited. They have to get a bad email and then choose menu options for that one email to then be able to click on a link which then might have content…
This is why it was considered a “moderate” security issue. It isn’t a drive by exploit where you send mail to people and then something happens to them. They have to actively cooperate to be exploited. It is a bug, yes, but it isn’t as bad as was being painted the other day here.
Al
From: nb.linux nb.linux
Reply: tor-talk at lists.torproject.org tor-talk at lists.torproject.org
Date: January 27, 2014 at 10:56:17 AM
To: tor-talk at lists.torproject.org tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Thunderbird leak
When I opened that email and set View/Message Body As/Original HTML,
Torbirdy did not prevent the tab to load nor refuse to display the HTML.
(Maybe this is intended, because Torbirdy only focuses on normal email
accounts(?))
--
Al Billings
http://makehacklearn.org
More information about the tor-talk
mailing list