
List:       kfm-devel
Subject:    Possible security problem in KHTML or KMail?
From:       Malte Starostik <malte () kde ! org>
Date:       2001-10-10 1:29:59


Hi,

Vadim's message:
Subject: crash on amdzone.com - from ad.doubleclick.net
From: Vadim Plessky <lucy-ples@mtu-net.ru>
To: 30266@bugs.kde.org
Cc: KFM Devel <kfm-devel@master.kde.org>

caused the following error message to appear when I clicked on it in KMail.
"Unable to run the command specified. The file or directory 
file:/ads1_files/B46014;sZ=468x60;siteid=C296;ord=[timestamp].htm"

Although external references are disabled, this "works" in an HTML mail:

<html><head></head><body>
<iframe width="200" height="300" src="/etc/passwd"></iframe>
</body></html>

(see the attachment to this mail for an example)

I'm not sure if there are any possible security/privacy problems with this, 
and whether KHTML or KMail is to blame here. Therefore crossposting.

-- 
Malte Starostik
PGP: 1024D/D2F3C787 [C138 2121 FAF3 410A 1C2A  27CD 5431 7745 D2F3 C787]

["iframe.bz2" (application/x-bzip2)]
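
The behaviour reported in the message above, as an added example that is not part of the original mail and is not KMail or KHTML code: a scheme-less `src` such as `/etc/passwd` is resolved against the document's base URL, so a filter that only blocks network references lets it through when that base is local. The `file:///` base is an assumption drawn from the `file:/ads1_files/...` error text; `ReferenceAuditor`, `audit` and the sample hosts are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the viewer resolves references against a local file: base,
# as the "file:/ads1_files/..." error text in the message suggests.
ASSUMED_BASE = "file:///"

# Attributes that make a renderer fetch a resource without user action.
FETCH_ATTRS = {"iframe": "src", "frame": "src", "img": "src", "script": "src",
               "embed": "src", "object": "data", "link": "href"}

class ReferenceAuditor(HTMLParser):
    """Collect auto-loaded references and classify where they resolve."""
    def __init__(self, base=ASSUMED_BASE):
        super().__init__()
        self.base = base
        self.findings = []  # (tag, raw value, resolved URL, verdict)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Same resolution step a renderer performs before fetching.
        resolved = urljoin(self.base, value.strip())
        scheme = urlsplit(resolved).scheme.lower()
        if scheme in ("cid", "data"):
            verdict = "embedded"      # content carried inside the message
        elif scheme == "file":
            verdict = "local-file"    # read from the recipient's disk
        else:
            verdict = "external"      # network fetch
        self.findings.append((tag, value, resolved, verdict))

def audit(html, base=ASSUMED_BASE):
    auditor = ReferenceAuditor(base)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the iframe from the message plus two other references.
SAMPLE = """<html><head></head><body>
<iframe width="200" height="300" src="/etc/passwd"></iframe>
<img src="http://ads.example/banner.gif">
<img src="cid:logo@example">
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A policy that treats only the `external` verdict as blockable misses the `local-file` case, which is the one the message reports.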
