CVE-2012-3413

Priority
Medium
Description
The HTMLQuoteColorer::process function in
messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not
disable JavaScript, Java, and Plugins, which allows remote attackers to
inject arbitrary web script or HTML via a crafted email.
References
Bugs
Notes
 mdeslaur> caused by webkit migration, doesn't affect natty and lower
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (4:4.8.4a-0ubuntu0.3)
Patches:
Upstream:http://commits.kde.org/kdepim/dbb2f72f4745e00f53031965a9c10b2d6862bd54
More Information

Updated: 2016-03-23 03:39:37 UTC (commit 10817)