KMail 5.3.0 and Later: JavaScript-Enabled QWebEngine Viewer Allows Access to Remote and Local URLs
CVE-2016-7967 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:N
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
Learn more about our Web App Pen Testing.