408384 – Email can modify email header, possibly hide information

Bug 408384 - Email can modify email header, possibly hide information

Summary: Email can modify email header, possibly hide information

Status:	REPORTED

Alias:	None

Product:	kmail2
Classification:	Applications
Component:	UI (show other bugs)
Version:	5.11.2
Platform:	Arch Linux Linux

Importance:	NOR major
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-06-06 14:44 UTC by Sefa Eyeoglu
Modified:	2019-06-19 11:49 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Email that modified my header (24.39 KB, application/mbox) 2019-06-06 14:44 UTC, Sefa Eyeoglu	Details
Screenshot of the header (144.15 KB, image/png) 2019-06-06 14:45 UTC, Sefa Eyeoglu	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Sefa Eyeoglu 2019-06-06 14:44:54 UTC

Created attachment 120627 [details]
Email that modified my header

SUMMARY
I recently received an email, that changed the appearance of the header. It didn't do anything evil, but I am sure that this could be used to hide information in a targeted attack.

STEPS TO REPRODUCE
1. View the attached mbox email in kmail (enable html)

OBSERVED RESULT
The header in the email viewer is affected by stylesheets in the email.

EXPECTED RESULT
The header should not be touchable by the email itself in any way.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 5.15.90
KDE Frameworks Version: 5.58.0
Qt Version: 5.13.0
Kernel Version: 5.1.7-zen1-1-zen
OS Type: 64-bit

ADDITIONAL INFORMATION

Comment 1 Sefa Eyeoglu 2019-06-06 14:45:14 UTC

Created attachment 120628 [details]
Screenshot of the header