Описание
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.6 (исключая)
cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00218
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 6.5
ubuntu
почти 7 лет назад
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
CVSS3: 6.5
debian
почти 7 лет назад
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed ...
CVSS3: 6.5
github
больше 3 лет назад
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
EPSS
Процентиль: 44%
0.00218
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-347