CVE-2012-3413

Priority
Medium
Description
The HTMLQuoteColorer::process function in
messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not
disable JavaScript, Java, and Plugins, which allows remote attackers to
inject arbitrary web script or HTML via a crafted email.
References
Bugs
Notes
 mdeslaur> caused by webkit migration, doesn't affect natty and lower
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (4:4.8.4a-0ubuntu0.3)
Patches:
Upstream:http://commits.kde.org/kdepim/dbb2f72f4745e00f53031965a9c10b2d6862bd54
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:48 UTC (commit 9756)