[prev in list] [next in list] [prev in thread] [next in thread]
List: kfm-devel
Subject: Possible security problem in KHTML or KMail?
From: Malte Starostik <malte () kde ! org>
Date: 2001-10-10 1:29:59
[Download RAW message or body]
Hi,
Vadim's message:
Subject: crash on amdzone.com - from ad.doubleclick.net
From: Vadim Plessky <lucy-ples@mtu-net.ru>
To: 30266@bugs.kde.org
Cc: KFM Devel <kfm-devel@master.kde.org>
caused the following error message to appear when I clicked on it in KMail.
"Unable to run the command specified. The file or directory
file:/ads1_files/B46014;sZ=468x60;siteid=C296;ord=[timestamp].htm"
Although external references are disabled, this "works" in a HTML mail:
<html><head></head><body>
<iframe width="200" height="300" src="/etc/passwd"></iframe>
</body></html>
(see the attachment to this mail for an example)
I'm not sure if there are any possible security/privacy problems with this,
and whether KHTML or KMail is to blame here. Therefore crossposting.
--
Malte Starostik
PGP: 1024D/D2F3C787 [C138 2121 FAF3 410A 1C2A 27CD 5431 7745 D2F3 C787]
["iframe.bz2" (application/x-bzip2)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic