[kmail2] [Bug 332225] New: KMail follows META REFRESH in HTML mail without asking, creating potential security problems
Mike Schneider
mike2.schneider at gmail.com
Sun Mar 16 19:33:52 GMT 2014
https://bugs.kde.org/show_bug.cgi?id=332225
Bug ID: 332225
Summary: KMail follows META REFRESH in HTML mail without
asking, creating potential security problems
Classification: Unclassified
Product: kmail2
Version: 4.11.5
Platform: openSUSE RPMs
URL: https://emailprivacytester.com
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: kdepim-bugs at kde.org
Reporter: mike2.schneider at gmail.com
KMail asks for confirmation before displaying HTML formatted mail. It also asks
for confirmation before loading external resources, but it does not aks before
folowing a META REFRESH embedde din the HMTL mail, thereby creating a potential
security problem as following a meta-refresh leads as much information as
loading an external resource.
Suggestewd behaviour: when displaying HTML formatted mails, KMail should ask
before following meta-refresh in the same was it asks before loading external
images.
For demonstration of the issue, see https://emailprivacytester.com
Reproducible: Always
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list