Enigmail: >> Enigmail >> 0.81.6 Security Vulnerabilities
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVSS Score
5.0
EPSS Score
0.092
Published
2007-03-06
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
CVSS Score
7.8
EPSS Score
0.007
Published
2007-02-23
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
CVSS Score
5.0
EPSS Score
0.006
Published
2005-10-18
Page 2