[liberationtech] Thunderbird's Bug
Lluís Batlle i Rossell
viric at viric.name
Thu Apr 16 03:05:22 PDT 2015
That should be reported, definitely. Unfortunately, I think that
thunderbird is quite abandoned compared to what it had been before. Few
are investing time into developing or fixing a standalone e-mail program;
mozilla moved all forces to the browser side, for what I heard.
Another leak that you should be aware of is in embedding images into HTML.
The html img tag "alt" is set to the full path of the file in your disk,
revealing drives, directories, etc.
Regards,
Lluís.
On Tue, Apr 14, 2015 at 12:10:57PM +0100, Amin Sabeti wrote:
> Hi folks,
>
> It seems Thunderbird has a dangerous bug that can put people in risk.
>
> I have 5 various Gmail accounts on Thunderbird. Each Gmail address use its
> own Outgoing Server (SMTP). It means I have 5 smtp.googlemail.com. But for
> some reasons, SMTP for one Gmail ccount has been changed from the correct
> SMTP to another one. Consequently, if I don't check SMTP of my account on
> Thunderbird, the email will send through another email address to the
> recipient. For instance, I'd like to send an email from aminsabeti [at]
> gmail [dot] com to someone, if the SMTP has been changed, I think I'm
> sending my email via aminsabeti while the recipient will see from another
> email on my Thunderbird such as xyz at gmail.com!
>
> I hope my explanation is clear. This bug can be dangerous when people have
> their real email address and pseudonym email address on Thunderbird which
> has happened more than 10 times for me.
>
> I hope someone from Thunderbird is here and can fix this annoying bug which
> can be risky for people who live in some countries such as Iran.
>
> Cheers,
>
> Amin
> --
> Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.
--
Escriu-me sempre xifrat / Write always ciphered
PGP key D4831A8A - https://emailselfdefense.fsf.org/
More information about the liberationtech
mailing list