https://bugs.kde.org/show_bug.cgi?id=371656
Erik Quaeghebeur <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|NOR |HI Version|5.16.1 |GIT (master) Severity|minor |major Summary|HTML mail styles spill into |HTML mail styles spill into |message header |message header: security | |risk --- Comment #12 from Erik Quaeghebeur <[email protected]> --- As is clear from some bug reports marked as a duplicate of this one, this issue is a security risk. Namely, the HTML's CSS may apply changes in an adversarial way, to, e.g., make phising scams more credible and more difficult to detect by the user. I've added that this is a security risk to the header and increased the importance. I've also indicated that it is still present in the current development branch. What has not yet been mentioned, I think, is that this issue can affect display of attachments. Any ideas for fixing this are welcome. The current rendering engine is far more advanced than it was five years ago, so we may have better options now. -- You are receiving this mail because: You are watching all bug changes.
