GNOME Bugzilla – Bug 663843
Evolution has preview pane defaulted to on with no global preference option to turn preview off
Last modified: 2012-02-06 12:39:27 UTC
Evolution 3.2.1 Downstream bug https://bugzilla.novell.com/show_bug.cgi?id=726020 You have to manually go into each and every folder, including JUNK, and turn the preview pane off. This is a massive security hole! The default MUST be OFF and there MUST be a GLOBAL OPTION. Reproducible: Always Steps to Reproduce: 1.Fresh install OpenSuSE 12.1 RC 1 2.Restore your Evolution email from a backup 3.preview pane turned on for all folders Actual Results: preview pane turned on for all folders Expected Results: preview pane should either honor the prior settings from the backup OR default to OFF for all folders since that is the only secure option. This is a MASSIVE security hole. Any virual junk mail in your junk (or any other folder) will be automatically executed simply by entering the folder and having that message be on top.
Oh bullshit. Having a global ON/OFF option for might be a nice enhancement, but I'm not gonna entertain it when worded like this.
*** This bug has been marked as a duplicate of bug 669445 ***
(In reply to comment #0) > This is a MASSIVE security hole. Any virual junk mail in your junk (or any > other folder) will be automatically executed simply by entering the folder and > having that message be on top. Script are not executed and there are settings for automatically downloading images from the net (or not): http://library.gnome.org/users/evolution/3.2/mail-displaying-images-in-html.html If the original reporter still sees a security hole s/he should elaborate and provide exact examples / testcases for such emails.