Thunderbird - HTML mail dangerous?

Thunderbird - HTML mail dangerous?

am 15.04.2006 18:49:47 von dn

My understanding is that HTML email poses a security threat to a recipient
receiving it. I've started using Thunderbird but have some questions about
how it handles HTML mail. HTML mail that I receive all has a yellow
background but I can see the original format by going to view->message
body->original HTML. When I view mail and it has a yellow background, is
the HTML being interpreted/displayed by Thunderbird at all?

Should I be concerned about HTML mail in Thunderbird or has Thunderbird
closed HTML mail security holes?

Thanks.

Re: Thunderbird - HTML mail dangerous?

am 15.04.2006 20:26:02 von Sam

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-4423-1145125562-0001
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

DN writes:

> My understanding is that HTML email poses a security threat to a recipient
> receiving it. I've started using Thunderbird but have some questions about
> how it handles HTML mail. HTML mail that I receive all has a yellow
> background but I can see the original format by going to view->message
> body->original HTML. When I view mail and it has a yellow background, is
> the HTML being interpreted/displayed by Thunderbird at all?
>
> Should I be concerned about HTML mail in Thunderbird or has Thunderbird
> closed HTML mail security holes?

There's nothing wrong with HTML itself. The only issues are with executing
Javascript, or displaying external image links. Thunderbird will not
execute Javascript. I do not recall if its default configuration displays
external image links.

All you need to verify is that external image display is turned off.



--=_mimegpg-commodore.email-scan.com-4423-1145125562-0001
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBEQTq6x9p3GYHlUOIRAjwjAKCBeST9OhvD2dJ49CHP3iJB3iKeugCd GVvT
ppf/eMMyQwIPkCeqUht4Lf8=
=40NC
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-4423-1145125562-0001--