Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enigmail enigmail vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
383
VMScore
CVE-2019-14664
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the malici...
Enigmail Enigmail
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
383
VMScore
CVE-2018-15586
Enigmail prior to 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Enigmail Enigmail
383
VMScore
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
383
VMScore
CVE-2017-17843
An issue exists in Enigmail prior to 1.9.9 that allows remote malicious users to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Ful...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2017-17844
An issue exists in Enigmail prior to 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attack...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2014-5369
Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.
Enigmail Enigmail 1.7.2
Enigmail Enigmail 1.7
1 Article
383
VMScore
CVE-2013-1692
Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote malicious users to conduct cross-si...
Mozilla Firefox 19.0
Mozilla Firefox 19.0.2
Mozilla Firefox 20.0.1
Mozilla Firefox 19.0.1
Mozilla Firefox 20.0
Mozilla Firefox
Mozilla Firefox Esr 17.0.5
Mozilla Firefox Esr 17.0
Mozilla Firefox Esr 17.0.1
Mozilla Firefox Esr 17.0.6
Mozilla Firefox Esr 17.0.4
Mozilla Firefox Esr 17.0.3
Mozilla Firefox Esr 17.0.2
Mozilla Thunderbird 17.0.3
Mozilla Thunderbird 17.0.1
Mozilla Thunderbird 17.0.4
Mozilla Thunderbird 17.0
Mozilla Thunderbird 17.0.2
Mozilla Thunderbird
Mozilla Thunderbird 17.0.5
Mozilla Thunderbird Esr 17.0.1
Mozilla Thunderbird Esr 17.0.2
383
VMScore
CVE-2013-1693
The SVG filter implementation in Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7 allows remote malicious users to read pixel values, and possibly bypass the Same Origin Policy and read text fro...
Mozilla Firefox 19.0
Mozilla Firefox 19.0.2
Mozilla Firefox 20.0.1
Mozilla Firefox 19.0.1
Mozilla Firefox 20.0
Mozilla Firefox
Mozilla Firefox Esr 17.0.5
Mozilla Firefox Esr 17.0
Mozilla Firefox Esr 17.0.1
Mozilla Firefox Esr 17.0.6
Mozilla Firefox Esr 17.0.4
Mozilla Firefox Esr 17.0.3
Mozilla Firefox Esr 17.0.2
Mozilla Thunderbird 17.0.3
Mozilla Thunderbird 17.0.1
Mozilla Thunderbird 17.0.4
Mozilla Thunderbird 17.0
Mozilla Thunderbird 17.0.2
Mozilla Thunderbird
Mozilla Thunderbird 17.0.5
Mozilla Thunderbird Esr 17.0.1
Mozilla Thunderbird Esr 17.0.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3