6.0.0-beta1
7/19/25

[#12886] IMP leaks E-mail message viewed status via SVG remote images
Summary IMP leaks E-mail message viewed status via SVG remote images
Queue IMP
Queue Version 6.1.6
Type Bug
State Not A Bug
Priority 1. Low
Owners
Requester roshansemba+hordebugs (at) gmail (dot) com
Created 12/22/2013 (4227 days ago)
Due
Updated 12/30/2014 (3854 days ago)
Assigned 12/26/2013 (4223 days ago)
Resolved 12/30/2014 (3854 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/30/2014 06:29:38 PM Michael Slusarz State ⇒ Not A Bug
 
01/22/2014 05:48:39 AM Michael Slusarz Comment #7
State ⇒ Stalled		 Reply to this comment
Since I have not received instructions allowing me to reproduce, 
marking as stalled.
01/08/2014 06:49:09 PM Michael Slusarz Comment #6 Reply to this comment
Any suggestions you may have on what to look at are welcome.  My 
installation is fairly standard, running on an Ubuntu 12.04 server, 
with the Horde installation done via Pear.
Are you using the PHP package provided by Ubuntu?  I believe that is 
PHP 5.3.10.  That is ancient.  My guess is that your PHP is too old 
(and or the libxml component) and some bug has been fixed since then 
that is the root cause of this issue for you.

FWIW, I am running PHP 5.4.22 on my system (libxml 2.9.1).
12/27/2013 12:08:29 AM roshansemba+hordebugs (at) gmail (dot) com Comment #5 Reply to this comment
I'm not able to reproduce using ANY browser.  On *multiple* 
different OS's.  (Win 7, Ubuntu 13, WinXP; Chrome, FF, IE, and 
Chromium).
I've just verified using IE11 on Win 7 as well, and see the same test 
coming up red.  That's four browsers, on two different computers.
So it sounds like something specific to your setup unless you can 
show otherwise.
Any suggestions you may have on what to look at are welcome.  My 
installation is fairly standard, running on an Ubuntu 12.04 server, 
with the Horde installation done via Pear.  I can try setting up a 
completely new Horde/IMP installation, but that's the most extreme and 
heavy next step for me.
12/26/2013 11:53:39 PM Michael Slusarz Comment #4 Reply to this comment
I'm able to reproduce consistently using FF26 and Chrome 31 on 
Windows 7, as well as Chrome 32 on Ubuntu Linux.
I'm not able to reproduce using ANY browser.  On *multiple* different 
OS's.  (Win 7, Ubuntu 13, WinXP; Chrome, FF, IE, and Chromium).

https://emailprivacytester.com/bcccb9a686e0c162

So it sounds like something specific to your setup unless you can show 
otherwise.
12/26/2013 11:42:26 PM roshansemba+hordebugs (at) gmail (dot) com Comment #3 Reply to this comment
I'm able to reproduce consistently using FF26 and Chrome 31 on Windows 
7, as well as Chrome 32 on Ubuntu Linux.  FF didn't have any 
extensions installed, and the tests on Chrome were done using an 
incognito window in which no extensions were enabled.

The only test which triggers is the "SVG inline with remote image" test.

For example: https://emailprivacytester.com/2af95e57fd721a41
12/26/2013 11:31:51 PM Michael Slusarz Comment #2
Priority ⇒ 1. Low
State ⇒ Feedback		 Reply to this comment
Can't reproduce.  Viewing the e-mail doesn't load the SVG image 
automatically (or anything, for that matter - meaning that IMP passes 
the privacy tester check 100%).

FWIW, I'm using FF 26/Win 7.
12/22/2013 04:32:34 PM roshansemba+hordebugs (at) gmail (dot) com Comment #1 (Private)
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ IMP leaks E-mail message viewed status via SVG remote images
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
[Hidden]
New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers