[Bug 1117958] New: VUL-1: CVE-2018-19516: messagelib: Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. Workaround: Do not enable "Prefer HTML to plain text" in KMail settings.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958 Bug ID: 1117958 Summary: VUL-1: CVE-2018-19516: messagelib: Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. Workaround: Do not enable "Prefer HTML to plain text" in KMail settings. Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/219982/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Other Assignee: lbeltrame@kde.org Reporter: meissner@suse.com QA Contact: security-team@suse.de CC: alarrosa@suse.com, christophe@krop.fr, fabian@ritter-vogt.de, lbeltrame@kde.org, tittiatcoke@gmail.com, wbauer@tmo.at Found By: Security Response Team Blocker: --- CVE-2018-19516 Some HTML emails can trick messagelib into opening a new browser window when displaying said email as HTML. Workaround: Do not enable "Prefer HTML to plain text" in KMail settings. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19516 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19516.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19516 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c1
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c2
--- Comment #2 from Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c3
Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c4
Fabian Vogt
I submitted the update for Leap 15.0: https://build.opensuse.org/request/show/653598
Tumbleweed will soon get 18.12.0 anyway.
Regarding 42.3 I'm not sure yet.
Closing as fixed for now though, please reopen if you do think an update for 42.3 is necessary as well. Thanks.
I'll try it on 42.3 tomorrow, I've made a simple PoC here. For some reason it opens a dolphin window if opening a mail as .mbox file, which I have to investigate further... In any case, the fix seems to be incomplete, so this needs some more fixing for 15 and TW as well... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c5
--- Comment #5 from Wolfgang Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c7
--- Comment #7 from Wolfgang Bauer
I'll try it on 42.3 tomorrow, I've made a simple PoC here. For some reason it opens a dolphin window if opening a mail as .mbox file, which I have to investigate further... In any case, the fix seems to be incomplete, so this needs some more fixing for 15 and TW as well...
@Fabian: what's the status of this? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c8
--- Comment #8 from Fabian Vogt
(In reply to Fabian Vogt from comment #4)
I'll try it on 42.3 tomorrow, I've made a simple PoC here. For some reason it opens a dolphin window if opening a mail as .mbox file, which I have to investigate further... In any case, the fix seems to be incomplete, so this needs some more fixing for 15 and TW as well...
@Fabian: what's the status of this?
With https://codereview.qt-project.org/c/qt/qtwebengine/+/256100 applied to WE it's now possible to fix this fully and without and hacks with preprocessing. Not sure whether the messagelib counterpart is implemented though. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958
http://bugzilla.opensuse.org/show_bug.cgi?id=1117958#c9
--- Comment #9 from Wolfgang Bauer
With https://codereview.qt-project.org/c/qt/qtwebengine/+/256100 applied to WE it's now possible to fix this fully and without and hacks with preprocessing. Not sure whether the messagelib counterpart is implemented though.
So no option for Leap 42.3 anymore anyway I suppose. That was the main reason why I asked now. (and because it is still assigned to me, so I get notified about it again and again... ;-) ) -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com