[kmail2] [Bug 394554] Regression: kMail 5.8.1 Information Leak: kMail loads external references in HTML mails without asking
Gunter Ohrner
bugzilla_noreply at kde.org
Thu May 24 15:47:03 BST 2018
https://bugs.kde.org/show_bug.cgi?id=394554
--- Comment #18 from Gunter Ohrner <kdebugs at CustomCDROM.de> ---
(In reply to Christophe Giboudeaux from comment #15)
> Did you load external references for another message in the same folder
> before reading this one ?
>
> OK, I can reproduce something weird with master:
>
> in folder X, I loaded external references for one email, then I switched to
> another html message and clicked on the sidebar to switch from plaintext to
> html and the external references were loaded.
>
> (The senders/company have nothing in common)

Good catch! I was literally trying for hours to find a pattern. (Ok, most of
the time got wasted while dealing with disk-full problems thanks to
byzanz-record - to record a proof as GIF screencast - filling /tmp/ in no time
by default... ;)

I also can reproduce it using this pattern. Possibly it was what I was doing
all the time.

During my tests and using Wireshark I definitely saw kMail doing network
accesses without any prior confirmation for the rendered email.
More information about the Kdepim-bugs
mailing list