[28352] in bugtraq
Re: Potential disclosure of sensitive information in Netscape 7.0 email client
daemon@ATHENA.MIT.EDU (Bartek Raszczyk)
Thu Jan 2 13:31:47 2003
Date: Thu, 2 Jan 2003 00:38:35 +0100
From: Bartek Raszczyk <crayfish@underground.org.pl>
Reply-To: Bartek Raszczyk <crayfish@underground.org.pl>
Message-ID: <10120777576.20030102003835@underground.org.pl>
To: bugtraq@securityfocus.com
In-Reply-To: <004801c2b187$b3d35cb0$6500a8c0@dilbert>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello Michael,
Wednesday, January 1, 2003, 12:19:49 PM, you wrote:
MP> Netscape 7.0 includes, as part of it's release, an email client, capable of
MP> handling POP3 and IMAP accounts. The method that the email client utilizes
MP> to permanently delete email messages is not explained, which could lead to
MP> users having large quantities of email messages, which they would think of
MP> as permanently deleted, still stored in clear text on their hard disks.
The same applies to Ritlab's The Bat! (up to version 1.60c i'm
currently using).
The Bat! stores all of the messages in
$thebathome\mail\$accountname\$foldername\Messages.tbb and
status information in Messages.tbi (without customization and
message filtering all mail goes to $foldername named inbox).
All messages remain there until Folder|Compress function is used.
The question is - is that a feature or a bug?
I'm using The Bat! for nearly three years now and it's there
from where I can remember (although there were dozen or so version changes).
--
Best regards,
Bartek Raszczyk mailto:crayfish@underground.org.pl
