CVE-2014-5369
- EPSS 1.94%
- Veröffentlicht 08.09.2014 14:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
- EPSS 4.6%
- Veröffentlicht 06.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:15
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remot...
CVE-2006-5877
- EPSS 1.65%
- Veröffentlicht 23.02.2007 21:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:03
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
- EPSS 1.78%
- Veröffentlicht 18.10.2005 21:02:00
- Zuletzt bearbeitet 16.06.2026 22:16:35
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.