Full Disclosure mailing list archives
Re: Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
From: Peter Besenbruch <prb () lava net>
Date: Wed, 01 Mar 2006 10:47:20 -1000
Steve Shockley wrote:
> Renaud Lifchitz wrote:
>> Mozilla Thunderbird : Multiple Information Disclosure Vulnerabilities
>
> The css part of this "exploit" is actively used by Intellicontact (or whatever they call themselves this week), the host of the factcheck.org mailing list. For example:
>
> <LINK href=http://mail1.icptrack.com/track/relay.php?r=###&msgid==###&act=####&admin=0&destination=http://www.factcheck.org/styles/subpage_nn.css type=text/css rel=stylesheet>
>
> To work around this, set:
> user_pref("mailnews.display.html_as", 3);

A value of 1, rendering HTML as text, would be even better, I would think. A value of 2, simply showing the HTML source, is the safest of all. I'm not a big fan of HTML in e-mail, sanitized, or otherwise.
--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
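
Added example, not part of the original post or of Thunderbird's code: a Python check that lists the references in a message's HTML parts that a renderer would fetch on display, and flags those that relay to another URL in the way the LINK tag quoted above does. The sample message, the hosts relay.example and news.example, and the names `RemoteRefFinder` and `remote_refs` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Tag -> attribute that makes an HTML renderer fetch a URL on display.
FETCH_ATTRS = {"link": "href", "img": "src", "iframe": "src", "script": "src"}

class RemoteRefFinder(HTMLParser):
    """Collects (tag, host, relays_to_other_url) for remote references."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are loaded for rendering
        parts = urlsplit(attrs.get(attr) or "")
        if parts.scheme not in ("http", "https"):
            return  # cid:, data: and relative references stay local
        # A full URL inside the query string is the relay pattern quoted above.
        nested = any(v.startswith(("http://", "https://"))
                     for vals in parse_qs(parts.query).values() for v in vals)
        self.refs.append((tag, parts.hostname, nested))

def remote_refs(raw_message):
    """Return remote references found in every text/html part of a message."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.refs

# Constructed sample message (hypothetical hosts, not taken from the thread).
SAMPLE = """\
Subject: constructed sample
Content-Type: text/html; charset=utf-8

<html><head>
<LINK href=http://relay.example/track/relay.php?r=1&msgid=2&destination=http://news.example/styles/page.css type=text/css rel=stylesheet>
</head><body><p>Hello</p><img src="cid:logo"><img src="https://news.example/open.gif"></body></html>
"""

print(remote_refs(SAMPLE))
```

A message that yields an empty list has nothing for the renderer to fetch; any entry is a request that would leave the machine if the message were displayed as original HTML.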