CVE-2012-3413
Priority
Medium
Description
The HTMLQuoteColorer::process function in
messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not
disable JavaScript, Java, and Plugins, which allows remote attackers to
inject arbitrary web script or HTML via a crafted email.
messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not
disable JavaScript, Java, and Plugins, which allows remote attackers to
inject arbitrary web script or HTML via a crafted email.
References
Notes
mdeslaur> caused by webkit migration, doesn't affect natty and lower
Assigned-to
mdeslaur
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected |
| Ubuntu 11.04 (Natty Narwhal): | not-affected |
| Ubuntu 11.10 (Oneiric Ocelot): | released (4:4.7.4+git111222-0ubuntu0.3) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (4:4.8.4a-0ubuntu0.3) |
| Ubuntu 12.10 (Quantal Quetzal): | released (4:4.8.90-0ubuntu2) |
Patches:
| Upstream: | http://commits.kde.org/kdepim/dbb2f72f4745e00f53031965a9c10b2d6862bd54 |