Please note, this is a STATIC archive of website developer.mozilla.org from November 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.

Cookies In Thunderbird

This content covers features introduced in Thunderbird 3

In versions of Thunderbird prior to 3 the cookie policy was very restrictive (to RSS only). Thunderbird 3 uses the Gecko cookie policy with some changes. 

  • Any non-mailnews url/location has cookies enabled, e.g., remote content.
  • Remote content in emails will be able to use cookies, but only if the user chooses to accept view remote content on the email.
  • Viewing RSS feed items as web pages allows cookies.

These are all subject to the Gecko cookie policy allowing the cookies based on its internal policies and the user's preferences.

Risks

The new cookie policy could pose dangers or risks in the following areas or ways:

  • Allows emails to associate cookies with email addresses
    • <img src="https://tracker.net/[email protected]">, tracker.net sets a cookie, later page views read the cookie and email address/profile
    • Scenario: nytimes.com sends daily news per mail with embedded web bug, and from then on tracks all RSS reads with email address/identity.

References

  • See the Cookies tag for more information about cookies in Gecko.

 

Document Tags and Contributors

 Contributors to this page: kscarfone, chrisdavidmills, Marsf, BenB, Standard8
 Last updated by: kscarfone,