[kdepim] [Bug 371656] HTML mail styles spill into message header: security risk

Erik Quaeghebeur bugzilla_noreply at kde.org
Sat Jan 1 10:31:38 GMT 2022


https://bugs.kde.org/show_bug.cgi?id=371656

Erik Quaeghebeur <bugs.kde.org at e3q.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|NOR                         |HI
            Version|5.16.1                      |GIT (master)
           Severity|minor                       |major
            Summary|HTML mail styles spill into |HTML mail styles spill into
                   |message header              |message header: security
                   |                            |risk

--- Comment #12 from Erik Quaeghebeur <bugs.kde.org at e3q.eu> ---
As is clear from some bug reports marked as a duplicate of this one, this issue
is a security risk. Namely, the HTML's CSS may apply changes in an adversarial
way, to, e.g., make phishing scams more credible and more difficult to detect by
the user. I've added that this is a security risk to the header and increased
the importance. I've also indicated that it is still present in the current
development branch.

What has not yet been mentioned, I think, is that this issue can affect display
of attachments.

Any ideas for fixing this are welcome. The current rendering engine is far more
advanced than it was five years ago, so we may have better options now.

-- 
You are receiving this mail because:
You are the assignee for the bug.

