An issue exists in Enigmail prior to 1.9.9 that allows remote malicious users to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
enigmail enigmail |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |