[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS

To: nnp <version5@xxxxxxxxx>
Subject: Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS
From: Vidar Løkken <vidarlo@xxxxxxxxxxx>
Date: Sun, 15 Oct 2006 03:43:08 +0200 (CEST)

On Sat, 14 Oct 2006, nnp wrote:

> Background:
> Kmail is a HTML compatible email client that comes installed by
> default with the KDE desktop. This DOS requires HTML parsing to be
> enabled. This can be done in Kmail by going to  Settings -> Configure
> Kmail ->Security -> and tick Prefer HTML to Plain Text.
>

There is a reason HTML is disabled by default, and you explicit have to 
enable it, and they say it might be dangerous. So it is not a serious 
issue IMHO, but should neverthless be fixed.

-- 
MVH,
Vidar
May your Tongue stick to the Roof of your Mouth with the Force of a
Thousand Caramels.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS
  - From: nnp

Prev by Date: Re: [Full-disclosure] UNOFFICIAL ZERT PATCH CAUSES NYC PLANECRASH
Next by Date: [Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability
Previous by thread: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS
Next by thread: [Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability
Index(es):
- Date
- Thread