Yes but you have to choose to view the original html or it doesn’t do anything. So, by default, users will not be automatically exploited. They have to get a bad email and then choose menu options for that one email to then be able to click on a link which then might have content…
This is why it was considered a “moderate” security issue. It isn’t a drive by exploit where you send mail to people and then something happens to them. They have to actively cooperate to be exploited. It is a bug, yes, but it isn’t as bad as was being painted the other day here. Al From: nb.linux nb.linux Reply: tor-talk@lists.torproject.org tor-talk@lists.torproject.org Date: January 27, 2014 at 10:56:17 AM To: tor-talk@lists.torproject.org tor-talk@lists.torproject.org Subject: Re: [tor-talk] Thunderbird leak When I opened that email and set View/Message Body As/Original HTML, Torbirdy did not prevent the tab to load nor refuse to display the HTML. (Maybe this is intended, because Torbirdy only focuses on normal email accounts(?)) -- Al Billings http://makehacklearn.org -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
