Message-ID: <Pine.LNX.4.63.0610150342120.6495@elise.vidarlo.net>
Date: Sun, 15 Oct 2006 03:43:08 +0200 (CEST)
From: Vidar Løkken <vidarlo@...tdata.no>
To: nnp <version5@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org,
	bugtraq@...urityfocus.com
Subject: Re: Kmail <= 1.9.1 (table/frameset) DOS

On Sat, 14 Oct 2006, nnp wrote:

> Background:
> Kmail is an HTML compatible email client that comes installed by
> default with the KDE desktop. This DOS requires HTML parsing to be
> enabled. This can be done in Kmail by going to Settings -> Configure
> Kmail -> Security and ticking Prefer HTML to Plain Text.
>

There is a reason HTML is disabled by default, and you explicitly have to 
enable it, and they say it might be dangerous. So it is not a serious 
issue IMHO, but should nevertheless be fixed.

-- 
MVH,
Vidar
May your Tongue stick to the Roof of your Mouth with the Force of a
Thousand Caramels.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
