Bug 332225 - KMail follows META REFRESH in HTML mail without asking, creating potential security problems
Status: RESOLVED NOT A BUG
Alias: None
Product: kmail2
Classification: Applications
Component: general
Version: 4.11.5
Platform: openSUSE Linux
Importance: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL: https://emailprivacytester.com
Reported: 2014-03-16 19:33 UTC by Mike Schneider
Modified: 2014-03-16 19:50 UTC

Description Mike Schneider 2014-03-16 19:33:52 UTC
KMail asks for confirmation before displaying HTML formatted mail. It also asks for confirmation before loading external resources, but it does not ask before following a META REFRESH embedded in the HTML mail, thereby creating a potential security problem as following a meta-refresh leaks as much information as loading an external resource.

Suggested behaviour: when displaying HTML formatted mails, KMail should ask before following meta-refresh in the same way it asks before loading external images.

For demonstration of the issue, see https://emailprivacytester.com

Reproducible: Always
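
A mail filter or client wrapper can perform the kind of check the report asks for by scanning every text/html part for a meta refresh before the message is rendered. The following is an added example, not KMail code and not part of the original report; the function names, the sample message and the placeholder domain `tracker.example` are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from html.parser import HTMLParser

# content="<delay>[; or ,][url=]<target>", target optionally quoted
_REFRESH = re.compile(
    r"""^\s*(\d+)[\d.]*\s*(?:[;,]\s*(?:url\s*=\s*)?(['"]?)(.*?)\2)?\s*$""",
    re.I | re.S)

class _MetaRefreshFinder(HTMLParser):
    """Collects (delay, url) for every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):  # tag/attr names arrive lowercased
        a = {k: (v or "") for k, v in attrs}
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _REFRESH.match(a.get("content", ""))
        # An unparseable content value is still reported, with delay None.
        self.hits.append((int(m.group(1)), m.group(3) or "") if m
                         else (None, a.get("content", "")))

def find_meta_refresh(raw: bytes):
    """Return [(delay_seconds, url), ...] found in all text/html MIME parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = _MetaRefreshFinder()
            finder.feed(part.get_content())
            finder.close()
            hits.extend(finder.hits)
    return hits

# Constructed sample message (not taken from the bug report).
SAMPLE = (
    b"From: sender@example.com\r\nTo: rcpt@example.org\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: multipart/alternative; boundary=b1\r\n\r\n"
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<html><head><META HTTP-EQUIV="Refresh" '
    b'CONTENT="0; URL=https://tracker.example/r?id=abc"></head>'
    b"<body>hello</body></html>\r\n--b1--\r\n")

if __name__ == "__main__":
    print(find_meta_refresh(SAMPLE))
```

A non-empty result with a URL is the case where a viewer would need to prompt (or drop the tag) before rendering, as it already does for external images.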