*** This bug is a security vulnerability ***

Public security bug reported:

Through a malicious URL that contained a quote character it
was possible to inject HTML code in KMail's plain text viewer.
Due to the parser used on the URL it was not possible to include
the equal sign (=) or a space in the injected HTML, which greatly
reduces the available HTML functionality. It is, however, possible
to include an HTML comment indicator to hide content.

Note: Affected package is kdepimlibs in 12.04 - 15.04 and it looks like
both kcoreaddons and messagecomposer in later releases.

** Affects: kdepimlibs (Ubuntu)
     Importance: High
         Status: Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1631237

Title:
  KMail: HTML injection in plain text viewer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kdepimlibs/+bug/1631237/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
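
An added illustration of the bug class described in the report above (not KMail or kdepimlibs code): a simplified, hypothetical linkifier that turns URLs in plain text into anchors, first copying the URL raw into the href attribute and then escaping it. The function names, the whitespace-delimited URL rule and the sample text are assumptions made for this example.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Escape the characters that are significant in HTML text and attribute values.
std::string escape_html(const std::string& in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical linkifier: a URL is "http://" or "https://" up to the next whitespace.
// escape_url=false copies the URL raw into href (the flaw); true escapes it (the fix).
std::string linkify(const std::string& text, bool escape_url) {
    std::string html;
    std::size_t pos = 0;
    while (pos < text.size()) {
        std::size_t start = text.find("http", pos);
        bool is_url = start != std::string::npos &&
                      (text.compare(start, 7, "http://") == 0 ||
                       text.compare(start, 8, "https://") == 0);
        // Text before the URL (or the rest of the text) is always escaped.
        std::size_t stop = start == std::string::npos ? text.size()
                           : is_url ? start : start + 4;
        html += escape_html(text.substr(pos, stop - pos));
        pos = stop;
        if (!is_url) continue;
        while (pos < text.size() && !std::isspace((unsigned char)text[pos])) ++pos;
        std::string url = text.substr(start, pos - start);
        std::string shown = escape_url ? escape_html(url) : url;
        html += "<a href=\"" + shown + "\">" + shown + "</a>";
    }
    return html;
}

int main() {
    // Constructed sample: a URL token that contains a double quote.
    const std::string mail = "see http://example.invalid/x\"><i> end";
    std::cout << linkify(mail, false) << "\n" << linkify(mail, true) << "\n";
}
```

With escape_url=false the quote ends the href value early and the rest of the token is parsed as markup; with escape_url=true the whole token stays inside the attribute and the link text.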
