| Summary: | Rendering of HTML can bleed over message headers | ||
|---|---|---|---|
| Product: | [Applications] kmail2 | Reporter: | simon |
| Component: | general | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | bugs.kde.org, jjm, montel |
| Priority: | NOR | ||
| Version: | 5.15.3 | ||
| Target Milestone: | --- | ||
| Platform: | Debian stable | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Attachments: |
Rendering
HTML - from phisher - be careful mbox format spam |
||
Created attachment 141199 [details]
HTML - from phisher - be careful
Attaching the decoded HTML from the email. Although I wouldn't have thought it useful for fixing the issues, it might help reproduce the test case.
Is it possible to save email as mbox and send me it (in private as you want). Thanks Duplicate of 429393? Created attachment 141217 [details]
mbox format spam
Agree on duplicate of 429393, although the description there isn't clear that the HTML can alter the headers entirely that is only picked up on in the comments. *** This bug has been marked as a duplicate of bug 371656 *** |
Created attachment 141198 [details] Rendering SUMMARY STEPS TO REPRODUCE 1. Received spam email 2. View in Kmail with HTML enabled. OBSERVED RESULT The spammer HTML is rendered bleeding over the message list component, this allows the scammer to fake information, as well as making their phishing attack more effective. EXPECTED RESULT The mail client will prevent the email content corrupting the display of message metadata, so that users can make informed choices, and are less likely to be fooled. SOFTWARE/OS VERSIONS Linux/KDE Plasma: (available in About System) KDE Plasma Version: 5.20.5 KDE Frameworks Version: 5.78.0 Qt Version: 5.15.2 ADDITIONAL INFORMATION