[kmail2] [Bug 408384] New: Email can modify email header, possibly hide information

Sefa Eyeoglu bugzilla_noreply at kde.org
Thu Jun 6 15:44:54 BST 2019


https://bugs.kde.org/show_bug.cgi?id=408384

            Bug ID: 408384
           Summary: Email can modify email header, possibly hide
                    information
           Product: kmail2
           Version: 5.11.1
          Platform: Archlinux Packages
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: UI
          Assignee: kdepim-bugs at kde.org
          Reporter: contact at scrumplex.net
  Target Milestone: ---

Created attachment 120627
  --> https://bugs.kde.org/attachment.cgi?id=120627&action=edit
Email that modified my header

SUMMARY
I recently received an email, that changed the appearance of the header. It
didn't do anything evil, but I am sure that this could be used to hide
information in a targeted attack.

STEPS TO REPRODUCE
1. View the attached mbox email in kmail (enable html)

OBSERVED RESULT
The header in the email viewer is affected by stylesheets in the email.

EXPECTED RESULT
The header should not be touchable by the email itself in any way.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.15.90
KDE Frameworks Version: 5.58.0
Qt Version: 5.13.0
Kernel Version: 5.1.7-zen1-1-zen
OS Type: 64-bit

ADDITIONAL INFORMATION

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Kdepim-bugs mailing list