Описание
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2:1.9.9-0ubuntu0.17.10.1 |
| devel | not-affected | 2:1.9.9-1 |
| esm-apps/xenial | released | 2:1.9.9-0ubuntu0.16.04.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2:1.9.9-0ubuntu0.14.04.1]] |
| precise/esm | DNE | |
| trusty | released | 2:1.9.9-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [2:1.9.9-0ubuntu0.14.04.1] |
| upstream | released | 2:1.9.9-1 |
| xenial | released | 2:1.9.9-0ubuntu0.16.04.1 |
| zesty | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
An issue was discovered in Enigmail before 1.9.9. Signature spoofing i ...
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3