CVE-2012-3413

Priority
Medium
Description
The HTMLQuoteColorer::process function in
messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not
disable JavaScript, Java, and Plugins, which allows remote attackers to
inject arbitrary web script or HTML via a crafted email.
References
Bugs
Notes
mdeslaur> caused by webkit migration, doesn't affect natty and lower
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Ubuntu 11.04 (Natty Narwhal): not-affected
Ubuntu 11.10 (Oneiric Ocelot): released (4:4.7.4+git111222-0ubuntu0.3)
Ubuntu 12.04 LTS (Precise Pangolin): released (4:4.8.4a-0ubuntu0.3)
Ubuntu 12.10 (Quantal Quetzal): released (4:4.8.90-0ubuntu2)
Patches:
Upstream: http://commits.kde.org/kdepim/dbb2f72f4745e00f53031965a9c10b2d6862bd54

Updated: 2012-08-08 20:14:36 UTC (commit 5607)