KMail 5.3.0 and Later: JavaScript-Enabled QWebEngine Viewer Allows Access to Remote and Local URLs

KMail 5.3.0 and Later: JavaScript-Enabled QWebEngine Viewer Allows Access to Remote and Local URLs

CVE-2016-7967 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.

Learn more about our Web App Pen Testing.