| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-17843 | 4.3 |
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as
|
03-10-2019 - 00:03 | 27-12-2017 - 17:08 | |
| CVE-2017-17844 | 4.3 |
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block
|
03-10-2019 - 00:03 | 27-12-2017 - 17:08 | |
| CVE-2017-17848 | 5.0 |
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words
|
16-05-2019 - 17:29 | 27-12-2017 - 17:08 | |
| CVE-2017-17846 | 5.0 |
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
|
04-02-2018 - 02:29 | 27-12-2017 - 17:08 | |
| CVE-2017-17847 | 5.0 |
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demo
|
04-02-2018 - 02:29 | 27-12-2017 - 17:08 | |
| CVE-2017-17845 | 7.5 |
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
|
04-02-2018 - 02:29 | 27-12-2017 - 17:08 |