Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Mozilla サポートの検索

サポート詐欺に注意してください。 私たちはあなたに通話やショートメッセージの送信、個人情報の共有を求めることはありません。疑わしい行為を見つけたら「迷惑行為を報告」からご報告ください。

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Calendar invite display

  • 1 件の返信
  • 1 人がこの問題に困っています
  • 150 回表示
  • 最後の返信者: christ1

AImost
AImost

Thunderbird has a setting in View > Message Body As > Plain Text. For normal email, this means only a stripped text representation of the original email body is shown to prevent Thunderbird form loading and/or executing malicious code.

Observation: Messages containing *.ics attachments are displayed in a HTML table.

Question: Does this mean that sending malicious code in an *.ics can circumvent the Plain Text setting safety measures?

Thunderbird has a setting in View > Message Body As > Plain Text. For normal email, this means only a stripped text representation of the original email body is shown to prevent Thunderbird form loading and/or executing malicious code. Observation: Messages containing *.ics attachments are displayed in a HTML table. Question: Does this mean that sending malicious code in an *.ics can circumvent the Plain Text setting safety measures?

すべての返信 (1)

christ1
christ1
  • Top 25 Contributor
  • Moderator

What exactly is your definition of 'malicious code'? If you're talking about embedded JavaScript, Thunderbird does not run JavaScript code in email messages per definition, and it cannot be turned on manually either.

If you mean to click on a link to a malicious web site in an email, this would also be possible in plain text messages.