CVE-2014-5369
- EPSS 0.58%
- Published 08.09.2014 14:55:03
- Last modified 12.04.2025 10:46:40
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
- EPSS 9.78%
- Published 06.03.2007 20:19:00
- Last modified 09.04.2025 00:30:58
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remot...
CVE-2006-5877
- EPSS 0.8%
- Published 23.02.2007 21:28:00
- Last modified 09.04.2025 00:30:58
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
- EPSS 0.63%
- Published 18.10.2005 21:02:00
- Last modified 03.04.2025 01:03:51
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.