Package: icedove Version: 1.5.0.10.dfsg1-3 Severity: important
When a received email message displayed in Icedove has remote images, by default, Icedove refuses to load the remote images. In this case, Icedove displays a banner above the message, "To protect your privacy, Icedove has blocked remote images in this message." The banner includes a button labeled "Show Images". Just now, I did not click the "Show Images" button, but used the reply operation to open a Compose window, and Icedove included the original message as quoted content *including the blocked image*. I have reproduced this questionable behavior with a second (spam) message. This seems to be a privacy/security bug in the normally very privacy-conscious Icedove. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages icedove depends on: ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy ii libatk1.0-0 1.20.0-1 The ATK accessibility toolkit ii libc6 2.7-3 GNU C Library: Shared libraries ii libcairo2 1.4.10-1 The Cairo 2D vector graphics libra ii libfontconfig1 2.4.2-1.2 generic font configuration library ii libgcc1 1:4.2.2-4 GCC support library ii libglib2.0-0 2.14.3-1 The GLib library of C routines ii libgtk2.0-0 2.12.1-1 The GTK+ graphical user interface ii libjpeg62 6b-14 The Independent JPEG Group's JPEG ii libpango1.0-0 1.18.3-1 Layout and rendering of internatio ii libpng12-0 1.2.15~beta5-3 PNG library - runtime ii libstdc++6 4.2.2-4 The GNU Standard C++ Library v3 ii libx11-6 2:1.0.3-7 X11 client-side library ii libxcursor1 1:1.1.9-1 X cursor management library ii libxext6 1:1.0.3-2 X11 miscellaneous extension librar ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio ii libxft2 2.1.12-2 FreeType-based font drawing librar ii libxi6 2:1.1.3-1 X11 Input extension library ii libxinerama1 1:1.0.2-1 X11 Xinerama extension library ii libxrandr2 2:1.2.2-1 X11 RandR extension library ii libxrender1 1:0.9.4-1 X Rendering Extension client libra ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii myspell-en-us [myspell- 1:2.3.0-2 English_american dictionary for my ii zlib1g 1:1.2.3.3.dfsg-7 compression library - runtime icedove recommends no packages. -- debconf information: icedove/browser: Debian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
