Vulnerability announcement CVE-2012-3413
KDE: execution of JavaScript code in KMail
Synthesis of the vulnerability
An attacker can send an email containing JavaScript code, which is executed when the recipient opens the mail in KDE KMail.
Impacted products: Fedora, Unix (platform).
Severity: 2/4.
Creation date: 13/07/2012.
Identifiers: BID-54448, CVE-2012-3413, FEDORA-2012-10410, FEDORA-2012-10411, VIGILANCE-VUL-11772.
Description of the vulnerability
The KDE PIM KMail program is a messaging client for the KDE environment.
The HTMLQuoteColorer::process() method of the messageviewer/htmlquotecolorer.cpp file colorizes email quotes, which start with the character '>' or '|'. However, HTMLQuoteColorer::process() does not filter JavaScript, Java applets, or plugins.
An attacker can therefore send an email containing JavaScript code, which is executed when the recipient opens the mail in KDE KMail.
Computer vulnerabilities tracking service
Vigil@nce provides a network vulnerability database. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities.