Since Thunderbird 2, we've had a bug on file [1] where forms in email
can't be submitted. This was due to how we changed our content handling
to allow tabs that can view web pages.
Whilst I think we could fix this, the more I think about it, the more I
am concerned about the security implications of forms in emails.
I think the biggest concern is from phishing attacks - e.g. a user
receives an email with form elements due to their bank having issues and
needing to log in.
With no indication of where the submission is going to, the user could
be at serious risk.
I should note, this is only a problem where the user selects to view
"Original HTML". Viewing plain text or "Simple HTML" isn't an issue.
So I don't think it is right to "fix" form handling to just work as it
used to, but I'm not sure about the way forward.
I can see a couple of options:
- Don't allow the display of the form at all, even in "Original HTML" mode.
- Somehow hook into the form submission, or the email display and
indicate where the form will be submitted to.
I'm not sure if the latter is possible, or sensible from a security
perspective.
Does anyone else have any ideas, suggestions, comments?
Mark.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=533545
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
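The two options in the post, worked through as an added example that is not part of Mark's message or of Thunderbird's own code. It assumes the client has the message body as an HTML string and resolves relative form actions against a per-message base URL (the "mailbox://localhost/inbox/42" below is invented for the demo); the sample message is constructed, and the tag/attribute regexes are a demo tokeniser, not a replacement for the real HTML parser:

```javascript
// Added example, not Thunderbird code. Option 1: strip forms from the rendered
// HTML. Option 2: hook submission and show the user the resolved destination.
// Assumed: body as an HTML string; hypothetical per-message base URL for
// resolving relative actions. Regex tokeniser is for the demo only.

const FORM_OPEN = /<form\b([^>]*)>/gi;
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

function parseAttrs(text) {
  const attrs = {};
  for (const m of text.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Resolve a form's destination the way a browser would and collect the points
// a user should be warned about before the field values leave the client.
function describeDestination(rawAction, method, baseUrl) {
  const info = { method: (method || "get").toLowerCase(), target: null, warnings: [] };
  if (rawAction === undefined || rawAction.trim() === "") {
    // HTML: a missing/empty action submits to the document's own URL, which
    // inside a mail client is whatever the client rendered the message from.
    info.target = baseUrl;
    info.warnings.push("no action attribute: submits to the document URL");
    return info;
  }
  let url = null;
  try { url = new URL(rawAction.trim(), baseUrl); } catch (e) { url = null; }
  if (!url) {
    info.warnings.push("unparseable action");
    return info;
  }
  info.target = url.href;
  info.host = url.hostname;
  if (url.protocol !== "https:") info.warnings.push("not https: " + url.protocol);
  if (url.username || url.password) {
    // "https://bank.example.com@203.0.113.5/" looks like the bank; host is the IP.
    info.warnings.push("credentials embedded in URL; real host is " + url.hostname);
  }
  if (info.method === "get") info.warnings.push("GET: field values travel in the URL");
  return info;
}

function describeFormTargets(html, baseUrl) {
  return Array.from(html.matchAll(FORM_OPEN), (m) => {
    const a = parseAttrs(m[1]);
    return describeDestination(a.action, a.method, baseUrl);
  });
}

function escapeAttr(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;")
    .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Option 1: replace <form> with <div>. With no form owner, submit buttons inside
// it do nothing; the title keeps the would-be destination visible to the user.
function neutralizeForms(html, baseUrl) {
  const out = html.replace(FORM_OPEN, (whole, attrText) => {
    const a = parseAttrs(attrText);
    const d = describeDestination(a.action, a.method, baseUrl);
    return '<div class="blocked-form" title="Form removed; it would have submitted to '
      + escapeAttr(d.target) + '">';
  });
  return out.replace(/<\/form\s*>/gi, "</div>");
}

// Option 2: a capture-phase "submit" handler that asks confirmFn(info) and
// cancels the submission if it declines. Reads the attribute rather than
// form.action because an <input name="action"> inside the form shadows the
// DOM property (DOM clobbering) and would hide the real destination.
function makeSubmitGuard(baseUrl, confirmFn) {
  return function onSubmit(event) {
    const form = event.target;
    const info = describeDestination(form.getAttribute("action") ?? undefined,
                                     form.getAttribute("method") ?? undefined, baseUrl);
    if (!confirmFn(info)) event.preventDefault();
    return info;
  };
}

// Constructed sample message (not a real email); 203.0.113.5 is a documentation address.
const SAMPLE_EMAIL = `
<p>Dear customer, we detected a problem with your account. Please log in below.</p>
<form action="http://203.0.113.5/verify.php" method="post">
  <input name="user"><input type="password" name="pass">
  <input type="submit" value="Log in to Example Bank">
</form>
<form>
  <input name="q"><input type="submit" value="Search">
</form>`;

const BASE = "mailbox://localhost/inbox/42";   // hypothetical per-message base URL
for (const d of describeFormTargets(SAMPLE_EMAIL, BASE)) console.log(d);
```

In a rendered message the guard is attached with `document.addEventListener("submit", makeSubmitGuard(BASE, askUser), true)` so that it runs before any handler the message itself registers. Whichever option is chosen, the destination shown to the user should be the resolved URL and its host, not the raw attribute text, since a relative action, an empty action or a userinfo prefix all read very differently from where the data actually goes.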