[Project_owners] Is this a remote web-bug in a Thunderbird extension hosted on mozdev?
Patrick Brunschwig
patrick.brunschwig at gmx.net
Tue Jan 16 04:48:09 PST 2007
Philip Chee wrote:
> DANGER WILL ROBINSON !
> <http://www.mozdev.org/source/browse/senderface/src/chrome/content/messageViewOverlay.js.diff?r1=1.3&r2=1.4>
>
> + var col = document.createElement("treecol");
> + col.setAttribute("id","myCol");
> + col.setAttribute("editable","true");
> + col.setAttribute("label","Face");
> + col.setAttribute("src",
> "http://taz.vv.sebank.se/cgi-bin/pts3/pow/img/nav_arrow_right.gif");
>
> This wasn't there in the previous version; and it isn't in the code of
> the extension this was based on (messagefaces).
>
> There does not seem to be any good reason to load remote content here. I
> mean the other extension, messagefaces, does optionally allow you to use
> remote content for your *faces* but it's a pref that is off by default;
> and it certainly doesn't load remote content for its UI. What does the
> mozdev T&C say about this sort of behaviour?
>
> Having said that, I can't imagine why on earth a Swedish bank would want
> to track Thunderbird users. Am I just being unnecessarily paranoid, or
> are the Gnomes of Zurich really out to get me?
I think the Gnomes of Zurich get you -- Zurich in in Switzerland, not in
Sweden :-)
Seriously, I don't think that such code is trustworthy and should be
removed. I hope this is just an error and the author actually wanted do
reuse the arrow from that bank (which I don't consider legal either).
-Patrick
More information about the Project_owners
mailing list