CVE-2012-3413
Published: 19 July 2012
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Notes
Author | Note |
---|---|
mdeslaur | caused by webkit migration, doesn't affect natty and lower |
Priority
Status
Package | Release | Status |
---|---|---|
kdepim | hardy | Ignored (end of life) |
kdepim | lucid | Not vulnerable |
kdepim | natty | Not vulnerable |
kdepim | oneiric | Released (4:4.7.4+git111222-0ubuntu0.3) |
kdepim | precise | Released (4:4.8.4a-0ubuntu0.3) |
kdepim | upstream | Needs triage |

Patches: upstream: http://commits.kde.org/kdepim/dbb2f72f4745e00f53031965a9c10b2d6862bd54