{"id":"UBUNTU-CVE-2016-7968","details":"KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.","modified":"2025-07-16T07:18:00.362980Z","published":"2016-12-23T22:59:00Z","withdrawn":"2025-07-18T16:43:37Z","upstream":["CVE-2016-7968"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7968"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2016/10/05/1"},{"type":"REPORT","url":"https://www.kde.org/info/security/advisory-20161006-3.txt"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-7968"}],"affected":[{"package":{"name":"kdepim","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/kdepim@4:4.13.3-0ubuntu0.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.13.3-0ubuntu0.1"}]}],"versions":["4:4.11.2-0ubuntu1","4:4.11.2-0ubuntu2","4:4.11.80-0ubuntu1","4:4.11.95-0ubuntu1","4:4.11.97-0ubuntu1","4:4.12.0-0ubuntu1","4:4.12.1-0ubuntu1","4:4.12.2-0ubuntu1","4:4.12.3-0ubuntu1","4:4.12.90-0ubuntu1","4:4.12.90-0ubuntu2","4:4.12.95-0ubuntu1","4:4.12.97-0ubuntu1","4:4.13.0-0ubuntu1","4:4.13.1-0ubuntu0.1","4:4.13.2-0ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"akonadiconsole"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"akregator"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"blogilo"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kaddressbook"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kaddressbook-mobile"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kalarm"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kde-config-pimactivity"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-dbg"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-dev"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-doc"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-kresources"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-mobile"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-mobileui-data"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kdepim-themeeditors"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kjots"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kleopatra"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kmail"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kmail-mobile"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"knode"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"knotes"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"konsolekalendar"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"kontact"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"korganizer"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"korganizer-mobile"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"ktimetracker"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"ktnef"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libcalendarsupport4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libcomposereditorng4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libeventviews4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libgrammar4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libincidenceeditorsng4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkdepim4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkdepimdbusinterfaces4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkdepimmobileui4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkdgantt2-0"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkleo4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkmanagesieve4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libkpgp4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libksieve4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libksieveui4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libmailcommon4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libmailimporter4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libmessagecomposer4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libmessagecore4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libmessagelist4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libmessageviewer4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libnoteshared4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libpimactivity4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libpimcommon4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libsendlater4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"libtemplateparser4"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"notes-mobile"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"storageservicemanager"},{"binary_version":"4:4.13.3-0ubuntu0.1","binary_name":"tasks-mobile"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7968.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}