Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Enigmail 安全漏洞
Vulnerability Description
Enigmail是Enigmail团队开发的一个Mozilla Thunderbird和Seamonkey的安全扩展,它支持撰写和接收通过安全签名和加密的邮件(使用OpenPGP标准进行签名和加密),并提供GUI配置和OpenPGP密钥管理。 Enigmail 2.0.7之前版本中的签名验证例行程序存在安全漏洞,该漏洞源于程序将用户ID解析成状态/控制消息,并且没有正确的跟踪多个签名的状态。远程攻击者可借助公钥利用该漏洞伪造任意邮件签名。
CVSS Information
N/A
Vulnerability Type
N/A