On Feb 24, 9:09 pm, Mark Banner <mban...@mozilla.com> wrote:

> Since Thunderbird 2, we've had a bug on file [1] where forms in email
> can't be submitted. This was due to how we changed our content handling
> to allow tabs that can view web pages.
>
> Whilst I think we could fix this, the more I think about it, the more I
> am concerned about the security implications of forms in emails.
>
> I think the biggest concern is from phishing attacks - e.g. a user
> receives an email with form elements due to their bank having issues and
> needing to log in.
>
> With no indication of where the submission is going to, the user could
> be at serious risk.
>
> I should note, this is only a problem where the user selects to view
> "Original HTML". Viewing plain text or "Simple HTML" isn't an issue.
>
> So I don't think it is right to "fix" form handling to just work as it
> used to, but I'm not sure about the way forward.
>
> I can see a couple of options:
>
> - Don't allow the display of the form at all, even in original html mode.
> - Somehow hook into the form submission, or the email display and
> indicate where the form will be submitted to.
>
> I'm not sure if the latter is possible, or sensible from a security
> perspective.
>
> Does anyone else have any ideas, suggestions, comments?
>
> Mark.
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=533545
Mail.app allows form submissions and users switching from Mail expect similar behaviour with TB. I understand the phishing risks, but for enterprise apps, it's critical to have form submissions in mail clients.

Simple option is to have form submissions enabled via a preference, and set it to disabled by default.

Syd
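To make the two proposals in this thread concrete, here is an added example of a submit-time hook for the "Original HTML" rendering of a message. It is illustrative code written for this reply, not Thunderbird code: it combines Syd's disabled-by-default preference with Mark's idea of showing the user where the form will actually submit. The preference name, the form description shape, the base URL, and the sample form (a constructed phishing-style form pointing at a documentation IP) are all assumptions; the hook never submits anything itself, it only cancels the default submission and returns a decision for the UI to render.

```javascript
// Added example (not Thunderbird code). Assumed preference: forms in
// "Original HTML" mode are disabled unless the user opts in.
const PREF_ALLOW_FORMS = false;

// Resolve the form's action against the message's base URL and collect
// the facts a warning dialog should show. A missing or relative action
// resolves against the base, which in a mail client is rarely where the
// user believes the data is going.
function describeDestination(action, baseUrl) {
  let url;
  try {
    url = new URL(action || "", baseUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable action: " + action };
  }
  const reasons = [];
  if (!action) reasons.push("form has no action; submits to the message base URL");
  if (url.protocol !== "https:") reasons.push("destination is not https (" + url.protocol + ")");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname)) reasons.push("destination is a raw IP address");
  return { ok: true, href: url.href, host: url.host, reasons };
}

// Decide what to do with a form described as { action, method, fields },
// where fields is the list of input types. Returns a decision object for
// the UI: "block" when the preference is off, otherwise "prompt" with the
// resolved destination and the reasons the user should see.
function evaluateForm(form, baseUrl, allowForms) {
  if (!allowForms) {
    return { decision: "block", message: "Form submission in email is disabled." };
  }
  const dest = describeDestination(form.action, baseUrl);
  if (!dest.ok) return { decision: "block", message: dest.reason };
  const reasons = dest.reasons.slice();
  if ((form.fields || []).includes("password")) reasons.push("form asks for a password");
  if ((form.method || "get").toLowerCase() === "get") reasons.push("GET puts field values in the URL");
  return {
    decision: "prompt",
    destination: dest.host,
    href: dest.href,
    message: "This form will send your data to " + dest.host,
    reasons,
  };
}

// Submit-event hook for the message view. It always cancels the default
// submission and hands the decision to the UI. `event` only needs
// preventDefault() and a target with getAttribute() and elements, so a
// plain object works for testing outside a browser.
function onEmailFormSubmit(event, baseUrl, allowForms) {
  event.preventDefault();
  const target = event.target;
  const fields = Array.from(target.elements || []).map(el => (el.type || "text").toLowerCase());
  const form = {
    action: target.getAttribute("action"),
    method: target.getAttribute("method") || "get",
    fields,
  };
  return evaluateForm(form, baseUrl, allowForms);
}

// Constructed sample: a "your bank needs you to log in" form whose action
// is a plain-http URL on a documentation IP address (198.51.100.0/24).
const SAMPLE_FORM = {
  action: "http://198.51.100.7/login",
  method: "post",
  fields: ["text", "password", "submit"],
};
const SAMPLE_BASE = "https://mail.example.test/"; // assumed message base URL

// Stand-alone run: with the default preference the form is blocked; with
// the preference on, the user is shown the real destination and why it
// looks suspicious.
console.log(evaluateForm(SAMPLE_FORM, SAMPLE_BASE, PREF_ALLOW_FORMS));
console.log(evaluateForm(SAMPLE_FORM, SAMPLE_BASE, true));
```

The split between `describeDestination` and `evaluateForm` is deliberate: the first answers Mark's question (where does this form actually go, once relative actions and the base URL are taken into account), the second applies Syd's preference and adds the form-level signals (password field, GET method) that a warning dialog would list.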