Thunderbird: how to disable javascript?

User Help for Mozilla Thunderbird
cariboost
Guest


Post by cariboost »

The latest security advisory from Mozilla says that until the next release it is advisable to "Disable JavaScript until a version containing these fixes can be installed."

I can't find this option on my version 2.0..0.1.4

Any suggestions?
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Thunderbird: how to disable javascript?

Post by tanstaafl »

javascript.allow.mailnews defaults to false in my copy of 2.0.0.14. It controls whether to allow JavaScript in newsgroup messages and e-mails to execute. You can double check that using tools -> options -> advanced -> general -> config editor. At one time there was a checkbox in tools -> options to set that preference but it was removed in later versions, and disabled by default.

http://kb.mozillazine.org/Javascript.allow.mailnews

I couldn't find the advisory you are talking about. The latest one at http://www.mozilla.org/security/#Security_Alerts states "Security Update (May 1, 2008): A security update has been issued for Thunderbird that fixes moderate security vulnerabilities when JavaScript is enabled in mail. All users should install this security and stability update." (i.e. 2.0.0.14)
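The check described in the reply above can also be done without opening the config editor, by reading the profile's preference files directly. This is an added example, not part of the original thread or Mozilla's code. It assumes the usual `user_pref("name", value);` line format in `prefs.js` and `user.js`, that `user.js` overrides `prefs.js`, and the default of false reported in the thread. The sample strings are constructed.

```python
import re
import sys
from pathlib import Path

PREF = "javascript.allow.mailnews"
# Matches lines such as: user_pref("javascript.allow.mailnews", true);
# Lines starting with // do not match, so commented-out settings are ignored.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;', re.MULTILINE)

def read_pref(text, name=PREF):
    """Return the last boolean set for `name` in one prefs file, or None."""
    value = None
    for key, raw in PREF_RE.findall(text):
        if key == name:
            value = (raw == "true")  # a later line replaces an earlier one
    return value

def effective_value(prefs_js="", user_js="", default=False):
    """user.js is applied on top of prefs.js; fall back to the default."""
    for text in (user_js, prefs_js):
        value = read_pref(text)
        if value is not None:
            return value
    return default  # assumption: unset means false, as reported in the thread

def audit_profile(profile_dir):
    """Evaluate the pref for one profile directory; missing files count as empty."""
    def load(name):
        path = Path(profile_dir) / name
        return path.read_text(errors="replace") if path.is_file() else ""
    return effective_value(load("prefs.js"), load("user.js"))

# Constructed sample file contents, not taken from a real profile.
SAMPLE_DEFAULT = 'user_pref("example.constructed.pref", true);\n'
SAMPLE_ENABLED = 'user_pref("javascript.allow.mailnews", true);\n'
SAMPLE_USER_JS = ('// user_pref("javascript.allow.mailnews", true);\n'
                  'user_pref("javascript.allow.mailnews", false);\n')

if __name__ == "__main__":
    # Usage: pass one or more profile directories on the command line.
    for directory in sys.argv[1:]:
        state = "ENABLED" if audit_profile(directory) else "disabled"
        print(f"{directory}: {PREF} is {state}")
```
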
Guest
Guest

Re: Thunderbird: how to disable javascript?

Post by Guest »

Thanks for the help. I checked mine and it is also at False (default, no doubt).

The Mozilla advisory is at http://www.mozilla.org/security/announc ... 08-33.html

and Secunia's at http://secunia.com/advisories/30915/
rsx11m
Moderator
Posts: 14404
Joined: May 3rd, 2007, 7:40 am
Location: US

Re: Thunderbird: how to disable javascript?

Post by rsx11m »

It's in the MFSA announcement that you are referring to, just underneath the description:
"Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail."