2 matches found
CVE-2017-17848
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be...
CVE-2017-17848
CVE-2017-17848 affects Enigmail before 1.9.9. It describes signature spoofing for multipart/related messages: a signed part can be referenced with a cid: URI but not displayed, making the recipient see a signed message while none of the signed text is actually shown. Connected sources indicate fi...