| Name | CVE-2012-3413 |
| Description | The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kdepim | source | (unstable) | (not affected) |
- kdepim <not-affected> (Only affects kdepim >= 4.6)
CVE-request https://www.openwall.com/lists/oss-security/2012/07/13/3
https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690