https://bugs.kde.org/show_bug.cgi?id=408384
Bug ID: 408384
Summary: Email can modify email header, possibly hide
information
Product: kmail2
Version: 5.11.1
Platform: Archlinux Packages
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: UI
Assignee: kdepim-b...@kde.org
Reporter: cont...@scrumplex.net
Target Milestone: ---
Created attachment 120627
--> https://bugs.kde.org/attachment.cgi?id=120627&action=edit
Email that modified my header
SUMMARY
I recently received an email, that changed the appearance of the header. It
didn't do anything evil, but I am sure that this could be used to hide
information in a targeted attack.
STEPS TO REPRODUCE
1. View the attached mbox email in kmail (enable html)
OBSERVED RESULT
The header in the email viewer is affected by stylesheets in the email.
EXPECTED RESULT
The header should not be touchable by the email itself in any way.
SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 5.15.90
KDE Frameworks Version: 5.58.0
Qt Version: 5.13.0
Kernel Version: 5.1.7-zen1-1-zen
OS Type: 64-bit
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
