Enigmail vulnerability

2005-10-2000:00:00

ubuntu.com

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.2%

JSON

Releases

Ubuntu 5.10
Ubuntu 5.04
Ubuntu 4.10

Details

Hadmut Danish discovered an information disclosure vulnerability in
the key selection dialog of the Mozilla/Thunderbird enigmail plugin.
If a user’s keyring contained a key with an empty user id (i. e. a
key without a name and email address), this key was selected by
default when the user attempted to send an encrypted email. Unless
this empty key was manually deselected, the message got encrypted for
that empty key, whose owner could then decrypt it.

OSVersionArchitecturePackageVersionFilename
Ubuntu5.10noarchmozilla-enigmail< *UNKNOWN
Ubuntu5.10noarchmozilla-thunderbird-enigmail< *UNKNOWN
Ubuntu5.04noarchmozilla-enigmail< *UNKNOWN
Ubuntu5.04noarchmozilla-thunderbird-enigmail< *UNKNOWN
Ubuntu4.10noarchmozilla-enigmail< *UNKNOWN
Ubuntu4.10noarchmozilla-thunderbird-enigmail< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.10	noarch	mozilla-enigmail	< *	UNKNOWN
Ubuntu	5.10	noarch	mozilla-thunderbird-enigmail	< *	UNKNOWN
Ubuntu	5.04	noarch	mozilla-enigmail	< *	UNKNOWN
Ubuntu	5.04	noarch	mozilla-thunderbird-enigmail	< *	UNKNOWN
Ubuntu	4.10	noarch	mozilla-enigmail	< *	UNKNOWN
Ubuntu	4.10	noarch	mozilla-thunderbird-enigmail	< *	UNKNOWN