Launchpad CVE tracker

CVE 2012-3413

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.

Related bugs and status

CVE-2012-3413 (Candidate) is related to these bugs:

Bug #1022690: kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled

		In	Importance	Status
1022690	kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled	kdepim (Ubuntu)	High	Fix Released
1022690	kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled	kdepim (Ubuntu Oneiric)	High	Fix Released
1022690	kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled	kdepim (Ubuntu Precise)	High	Fix Released
1022690	kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled	kdepim (Ubuntu Quantal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3413

References