Mozilla / Thunderbird Valid Email Address Enumeration Weakness

plonk has discovered a weakness in Mozilla and Thunderbird, which can be exploited by malicious people to enumerate valid email addresses.

The weakness is caused by improper behaviour in which references to external stylesheets in HTML documents are followed. This can be exploited to validate the existence of an email address when a malicious mail is opened.

The weakness has been confirmed in Mozilla 1.7.3 and Thunderbird 0.8. Other versions may also be affected.

Solution: If this is considered a problem, then disable HTML support in emails:
"View" --> "Message Body As" --> "Plain Text"

http://secunia.com/advisories/13086/

Published Thursday, November 04, 2004 7:11 AM by donna