Описание
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
Ссылки
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitVendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
The signature verification routine in Enigmail before 2.0.7 interprets ...
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2