Critical vulnerabilities in PGP/GPG and S/MIME email encrypt
Re: Critical vulnerabilities in PGP/GPG and S/MIME email enc
This statement is wrong. The vulnerability exists with the email clients, which don't process the HTML emails correctly. The decrypted email text is interpreted by the email clients as part of a URL pointing to an image, and when fetching this URL, the server who is contacted for it, gets the URL with the decrypted email text. The encryption is therefore not cracked.
A new version of the add-on "Enigmail" for Thunderbird has already been released, which closes this vulnerability. A fix from the Thunderbird developers would have taken longer, so the Enigmail developers did the fix.
HTML emails are usually bad in view of security. People who had disabled the display of HTML emails in their email client were not affected by this vulnerability.
A new version of the add-on "Enigmail" for Thunderbird has already been released, which closes this vulnerability. A fix from the Thunderbird developers would have taken longer, so the Enigmail developers did the fix.
HTML emails are usually bad in view of security. People who had disabled the display of HTML emails in their email client were not affected by this vulnerability.
Why OpenSource should have a license :: PB-CodeArchiv-Rebirth :: Pleasant-Dark (syntax color scheme) :: RegEx-Engine (compiles RegExes to NFA/DFA)
Manjaro Xfce x64 (Main system) :: Windows 10 Home (VirtualBox) :: Newest PureBasic version
- NicTheQuick
- Addict
- Posts: 1224
- Joined: Sun Jun 22, 2003 7:43 pm
- Location: Germany, Saarbrücken
- Contact:
Re: Critical vulnerabilities in PGP/GPG and S/MIME email enc
In fact Thunderbird was not affected with unchanged settings because it never loads external resources without asking you first.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.