Published: 18/10/2005 Updated: 03/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The key selection dialogue in Enigmail prior to 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
enigmail enigmail

Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin If a user’s keyring contained a key with an empty user id (i e a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email Unless this empty ke ...

Hadmut Danish discovered a bug in enigmail, GPG support for Mozilla MailNews and Mozilla Thunderbird, that can lead to the encryption of mail with the wrong public key, hence, potential disclosure of confidential data to others The old stable distribution (woody) does not contain enigmail packages For the stable distribution (sarge) this problem ...

NVD-CWE-Other http://www.cert.dfn.de/infoserv/dsb/dsb-2005-01.html http://www.kb.cert.org/vuls/id/805121 http://www.debian.org/security/2005/dsa-889 http://www.securityfocus.com/bid/15155 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:226 http://www.vupen.com/english/advisories/2005/2158 https://usn.ubuntu.com/211-1/https://usn.ubuntu.com/211-1/https://nvd.nist.gov

CVE-2005-3256

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect