CVE-2016-7967

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
Group Package Affected Fixed Severity Status Ticket
AVG-44 messagelib 16.08.1-1 16.08.1-2 Medium Fixed
Date Advisory Group Package Severity Description
07 Oct 2016 ASA-201610-5 AVG-44 messagelib Medium multiple issues
References
https://www.kde.org/info/security/advisory-20161006-2.txt
http://seclists.org/oss-sec/2016/q4/23
Notes
changed severity and type.. severity = medium, type = cross-site-scripting..