Comment 2 for bug 243487

Jamie Strandboge (jdstrand) wrote :

This does not appear to be a serious security bug because it requires the user to insert a malicious HTML file into the mail composer. Based on the patch and (limited) black-box testing, this does not appear to be remotely exploitable (e.g., via a crafted HTML email). The patch fixes reparent_embedded() in gtkhtml.c. This function is called by gtk_html_insert_html_generic(), which is in turn called by gtk_html_insert_html(), gtk_html_insert_gtk_html() and gtk_html_append_html(). These functions are only called via clipboard_paste_received_cb() and code from components/html-editor/engine.c.

I am going to set the priority to Low, as it appears to be just a crasher and requires user assistance.