| Summary: | Email can modify email header, possibly hide information | ||
|---|---|---|---|
| Product: | [Applications] kmail2 | Reporter: | Sefa Eyeoglu <contact> |
| Component: | UI | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | REPORTED --- | ||
| Severity: | major | ||
| Priority: | NOR | ||
| Version: | 5.11.2 | ||
| Target Milestone: | --- | ||
| Platform: | Arch Linux | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Attachments: |
Email that modified my header
Screenshot of the header |
||
Created attachment 120628 [details]
Screenshot of the header
|
Created attachment 120627 [details] Email that modified my header SUMMARY I recently received an email, that changed the appearance of the header. It didn't do anything evil, but I am sure that this could be used to hide information in a targeted attack. STEPS TO REPRODUCE 1. View the attached mbox email in kmail (enable html) OBSERVED RESULT The header in the email viewer is affected by stylesheets in the email. EXPECTED RESULT The header should not be touchable by the email itself in any way. SOFTWARE/OS VERSIONS Operating System: Arch Linux KDE Plasma Version: 5.15.90 KDE Frameworks Version: 5.58.0 Qt Version: 5.13.0 Kernel Version: 5.1.7-zen1-1-zen OS Type: 64-bit ADDITIONAL INFORMATION