PT-2016-7451 · Kde · Kmail

Published: 2016-12-23 · Updated: 2016-12-27 · CVE-2016-7968

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: KMail versions 5.3.0 and later

Description: The issue concerns the execution of JavaScript code in HTML mail contents. Since version 5.3.0, KMail has used a QWebEngine-based viewer with JavaScript enabled, but it did not sanitize HTML mail contents for JavaScript, allowing included code to be executed.

Recommendations: For KMail versions 5.3.0 and later, consider disabling JavaScript execution in the QWebEngine-based viewer as a temporary workaround until a patch is available.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2016-7968

Affected Products

Kmail