[kmail2] [Bug 408384] New: Email can modify email header, possibly hide information
Sefa Eyeoglu
bugzilla_noreply at kde.org
Thu Jun 6 15:44:54 BST 2019
https://bugs.kde.org/show_bug.cgi?id=408384
Bug ID: 408384
Summary: Email can modify email header, possibly hide
information
Product: kmail2
Version: 5.11.1
Platform: Archlinux Packages
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: UI
Assignee: kdepim-bugs at kde.org
Reporter: contact at scrumplex.net
Target Milestone: ---
Created attachment 120627
--> https://bugs.kde.org/attachment.cgi?id=120627&action=edit
Email that modified my header
SUMMARY
I recently received an email, that changed the appearance of the header. It
didn't do anything evil, but I am sure that this could be used to hide
information in a targeted attack.
STEPS TO REPRODUCE
1. View the attached mbox email in kmail (enable html)
OBSERVED RESULT
The header in the email viewer is affected by stylesheets in the email.
EXPECTED RESULT
The header should not be touchable by the email itself in any way.
SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 5.15.90
KDE Frameworks Version: 5.58.0
Qt Version: 5.13.0
Kernel Version: 5.1.7-zen1-1-zen
OS Type: 64-bit
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Kdepim-bugs
mailing list