https://bugs.kde.org/show_bug.cgi?id=332225
Bug ID: 332225
Summary: KMail follows META REFRESH in HTML mail without
asking, creating potential security problems
Classification: Unclassified
Product: kmail2
Version: 4.11.5
Platform: openSUSE RPMs
URL: https://emailprivacytester.com
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
Assignee: kdepim-bugs@kde.org
Reporter: mike2.schnei...@gmail.com
KMail asks for confirmation before displaying HTML formatted mail. It also asks
for confirmation before loading external resources, but it does not aks before
folowing a META REFRESH embedde din the HMTL mail, thereby creating a potential
security problem as following a meta-refresh leads as much information as
loading an external resource.
Suggestewd behaviour: when displaying HTML formatted mails, KMail should ask
before following meta-refresh in the same was it asks before loading external
images.
For demonstration of the issue, see https://emailprivacytester.com
Reproducible: Always
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Kdepim-bugs mailing list
Kdepim-bugs@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-bugs
