Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enigmail enigmail vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-15586
Enigmail prior to 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Enigmail Enigmail
6.5
CVSSv3
CVE-2017-17844
An issue exists in Enigmail prior to 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attack...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
6.1
CVSSv3
CVE-2020-15677
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerabi...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
5.9
CVSSv3
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
5.9
CVSSv3
CVE-2017-17843
An issue exists in Enigmail prior to 1.9.9 that allows remote malicious users to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Ful...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2015-4488
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox prior to 40.0, Firefox ESR 38.x prior to 38.2, and Firefox OS prior to 2.2 allows remote malicious users to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
Oracle Solaris 11.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Mozilla Firefox Esr 38.1.0
Mozilla Firefox Os 2.1.0
Mozilla Firefox Esr 38.0.1
Mozilla Firefox Esr 38.0.5
Mozilla Firefox Esr 38.0
Mozilla Firefox
NA
CVE-2014-1585
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox prior to 33.0, Firefox ESR 31.x prior to 31.2, and Thunderbird 31.x prior to 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote malicious users ...
Mozilla Thunderbird 31.1.0
Mozilla Thunderbird 31.0
Mozilla Firefox Esr 31.1.0
Mozilla Firefox Esr 31.0
Mozilla Firefox 30.0
Mozilla Firefox 31.1.0
Mozilla Firefox 31.0
Mozilla Firefox
NA
CVE-2014-1586
content/base/src/nsDocument.cpp in Mozilla Firefox prior to 33.0, Firefox ESR 31.x prior to 31.2, and Thunderbird 31.x prior to 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote malicious users to obtain sensitive information from the local cam...
Mozilla Firefox 30.0
Mozilla Firefox 31.1.0
Mozilla Firefox 31.0
Mozilla Firefox
Mozilla Thunderbird 31.0
Mozilla Thunderbird 31.1.0
Mozilla Firefox Esr 31.1.0
Mozilla Firefox Esr 31.0
NA
CVE-2014-5369
Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.
Enigmail Enigmail 1.7.2
Enigmail Enigmail 1.7
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »