https://bugs.kde.org/show_bug.cgi?id=332225

            Bug ID: 332225
           Summary: KMail follows META REFRESH in HTML mail without
                    asking, creating potential security problems
    Classification: Unclassified
           Product: kmail2
           Version: 4.11.5
          Platform: openSUSE RPMs
               URL: https://emailprivacytester.com
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs@kde.org
          Reporter: mike2.schnei...@gmail.com

KMail asks for confirmation before displaying HTML formatted mail. It also asks
for confirmation before loading external resources, but it does not aks before
folowing a META REFRESH embedde din the HMTL mail, thereby creating a potential
security problem as following a meta-refresh leads as much information as
loading an external resource.

Suggestewd behaviour: when displaying HTML formatted mails, KMail should ask
before following meta-refresh in the same was it asks before loading external
images.

For demonstration of the issue, see https://emailprivacytester.com

Reproducible: Always

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Kdepim-bugs mailing list
Kdepim-bugs@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-bugs

Reply via email to