PT-2016-7450 · Kde · Kmail

Published: 2016-12-23 · Updated: 2016-12-27 · CVE-2016-7967

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: KMail versions 5.3.0 and later

Description: KMail's QWebEngine based message viewer has JavaScript enabled. The HTML generated for a message is therefore executed in the local file security context, which by default allows it to access both remote and local URLs.

Recommendations: For KMail versions 5.3.0 and later, consider disabling JavaScript in the QWebEngine based viewer to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Access Control, Code Injection


Related Identifiers: CVE-2016-7967

Affected Products: Kmail