CVE-2014-5369
- EPSS 0.58%
- Veröffentlicht 08.09.2014 14:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
- EPSS 12.36%
- Veröffentlicht 06.03.2007 20:19:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remot...
CVE-2006-5877
- EPSS 0.83%
- Veröffentlicht 23.02.2007 21:28:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
- EPSS 0.63%
- Veröffentlicht 18.10.2005 21:02:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.