[kmail2] [Bug 394554] Regression: kMail 5.8.1 Information Leak: kMail loads external references in HTML mails without asking

Gunter Ohrner bugzilla_noreply at kde.org
Thu May 24 09:22:31 BST 2018


https://bugs.kde.org/show_bug.cgi?id=394554

--- Comment #12 from Gunter Ohrner <kdebugs at CustomCDROM.de> ---
(In reply to Volker Krause from comment #11)
> One thing I noticed during testing this is that once you loaded external
> references for an email, the next display of HTML content without confirming
> loading external references can be served from the web engine cache, and
> neither show the external content warning nor perform any network access.
> Restarting KMail seemed to reset that here though.

That's probably the same thing I referred to in:

(comment #10 from Gunter Ohrner)
> After confirming this once, it seems to be remembered by kMail for this
> message and I do not have to confirm it on subsequent displays.


However, with the example message I attached, I was never asked. The image was
displayed immediately when opening the message for the first time and chosing
"render HTML".

I'll check if it does network access in this case, but I would not know where
else it would get the image from.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Kdepim-bugs mailing list