Audit found several holes in Enigmail

Mozillas Secure Open Source Fund and Posteo found several holes which could be abused in Thunderbird extension Enigmail. The hole called TBE-01-002 abuses the funcs.jsm email parser function. This function normally is there to extract eMail addresses but it seems that it's attackable by regular expressions. TBE-01-005 allows an attacker to see encrypted eMails in plain text which... Continue Reading →

Blog at WordPress.com.

Up ↑

%d bloggers like this: