This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

Calendar invite display

  • 1 èsì
  • 1 ní ìṣòro yìí
  • 1 view
  • Èsì tí ó kẹ́hìn lọ́wọ́ christ1

more options

Thunderbird has a setting in View > Message Body As > Plain Text. For normal email, this means only a stripped text representation of the original email body is shown to prevent Thunderbird form loading and/or executing malicious code.

Observation: Messages containing *.ics attachments are displayed in a HTML table.

Question: Does this mean that sending malicious code in an *.ics can circumvent the Plain Text setting safety measures?

Thunderbird has a setting in View > Message Body As > Plain Text. For normal email, this means only a stripped text representation of the original email body is shown to prevent Thunderbird form loading and/or executing malicious code. Observation: Messages containing *.ics attachments are displayed in a HTML table. Question: Does this mean that sending malicious code in an *.ics can circumvent the Plain Text setting safety measures?

All Replies (1)

more options

What exactly is your definition of 'malicious code'? If you're talking about embedded JavaScript, Thunderbird does not run JavaScript code in email messages per definition, and it cannot be turned on manually either.

If you mean to click on a link to a malicious web site in an email, this would also be possible in plain text messages.