KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.Referenceshttp://www.securityfocus.com/bid/93360http://www.openwall.com/lists/oss-security/2016/10/05/1
