High severity8.1NVD Advisory· Published Dec 23, 2016· Updated May 6, 2026

CVE-2016-7967

Description

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.

Affected products

KDE/Kmail
cpe:2.3:a:kde:kmail:*:*:*:*:*:*:*:*
Range: <=5.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2016/10/05/1nvdThird Party Advisory
www.securityfocus.com/bid/93360nvdThird Party AdvisoryVDB Entry
www.kde.org/info/security/advisory-20161006-2.txtnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000