This does not appear to be a serious security bug because it requires the user to insert a malicious HTML file into the mail composer. Based on the patch and (limited) black-box testing, this does not appear to be remotely exploitable (e.g. via a crafted HTML email). The patch fixes reparent_embedded() in gtkhtml.c. This function is called by gtk_html_insert_html_generic(), which is in turn called by gtk_html_insert_html(), gtk_html_insert_gtk_html() and gtk_html_append_html(). These functions are only called via clipboard_paste_received_cb() and code from components/html-editor/engine.c.
I am going to set the priority to Low, as it appears to be just a crasher and requires user assistance.