Mozilla 1.1 Alpha Released
Tuesday June 11th, 2002
mozilla.org today released the first post-1.0 milestone of Mozilla, Mozilla 1.1 Alpha. This release is coming off the trunk, and is not part of the 1.0 branch. There will likely be a 1.0.1 release off the branch at a later date. (Confused about how milestone numbers work after 1.0? Take a look at the Roadmap for a clearer picture.)
1.1a has a number of performance and UI fixes that took place on the trunk but didn't make it to the branch, like fastloading XUL, improved download manager control, and a number of other fixes. To see a more complete list of what's new, check out the Release Notes, or grab a build for yourself from either the Releases Page or the FTP Site and try it out.
#70 Privacy, security, and control
Thursday June 13th, 2002 9:42 AM
You are replying to this message
It's important for three main reasons:
If you view an HTML mail, the attacker (person who sent the mail) can determine whether you have read the mail because your browser will send image requests for any images in the mail.
Displaying HTML mail means that the entire 'bug capacity' of a huge rendering engine is available to any potential attacker. Any security-related bug in any part of the rendering engine is available for exploitation by emails. Plain-text display, by contrast, is much simpler for the browser and provides a much smaller subset of browser capabilities to be exploited.
(For example, every recent Microsoft Outlook or Outlook Express exploit has required HTML email. Including support for full, unfiltered HTML display in an email client is absolutely asking for trouble.)
Displaying email as plain text, or stripping formatting attributes from HTML (as the 'simple html' view does) means that you the reader has control over the appearance of your mail. If some *imbecile* decides to send you email with a stupid squared-paper background, or with blue on purple text, that's fine, because you don't see it.
This is important for email because most people read a lot of email so it has to be as efficient for them as possible.
Both the 'simple HTML' and 'plain text' views accomplish these goals, in a slightly different manner and to a slightly different extent. With these features, Mozilla may be able to become a relatively secure email client.