An issue exists in KDE KMail prior to 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kde kmail |
Some OpenPGP, S/MIME-capable email clients vulnerable to attack Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround
Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. They found that five out of 18 OpenPGP-capable email clients and six out of 18 S/MIME-capable clients are vulnerable to at least one attack. These flaws are not due to cryptographic weaknesses. Rather they arise from the complexity of email infrastructure, based on dozens of s...
Some OpenPGP, S/MIME-capable email clients vulnerable to attack Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround
Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. They found that five out of 18 OpenPGP-capable email clients and six out of 18 S/MIME-capable clients are vulnerable to at least one attack. These flaws are not due to cryptographic weaknesses. Rather they arise from the complexity of email infrastructure, based on dozens of s...