Enigmail: >> Enigmail Security Vulnerabilities
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
4.3
EPSS Score
0.006
Published
2014-09-08
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVSS Score
5.0
EPSS Score
0.092
Published
2007-03-06
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
CVSS Score
7.8
EPSS Score
0.007
Published
2007-02-23
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-10-18
Page 2