Thunderbird Security Hole: Wrong E-Mail Quoted

I’m not sure how widespread this problem is. However in the last week or two I vaguely noticed extra text at the bottom of some messages I was replying to. At first I thought it was more of that annoying top posting where my correspondents kept adding their comments to the top of a message and not bothering to delete what had gone before. However, when I took a closer look at some it I was shocked. It was coming out of my Inbox. Somehow Thunderbird was appending text from other unrelated messages in my Inbox to the replies I was sending to different correspondents!

This is a very serious problem. I don’t want my publishers to see the negotiation strategies I set up with my agents. I don’t want my colleagues to see my notes to my wife. The problem could range from embarrassing to disastrous, depending on who gets which e-mail. I don’t want my wife to see my correspondence with the jeweler before our anniversary.

I have filed a bug with Mozilla about this. So far I have only noticed this problem with Thunderbird 1.5.0.9 on Mac OS X 10.4. I cannot reproduce it on command, though it is frequent. It is possible there is a corrupt file system or Inbox involved somehow. However, the extra text from the wrong messages only seems to come up in the Compose window when I’m replying. I do not see the wrong text when I am merely reading e-mail.

For your own safety, if you use Thunderbird, please do not top post. Please do carefully check the full text of everything you send out, quoted text included. If you notice the same problem, especially on a different platform or version, add a comment to the Bugzilla report. And if you happened to get any weird messages from me in the loast week or so? Please delete them. Thanks.

Leave a Reply