|
Family: Ubuntu Local Security Checks --> Category: infos
USN211-1 : enigmail vulnerability Vulnerability Scan
Vulnerability Scan Summary enigmail vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- mozilla-enigmail
- mozilla-thunderbird-enigmail
Description :
Hadmut Danish discovered an information disclosure vulnerability in
the key selection dialog of the Mozilla/Thunderbird enigmail test.
If a user's keyring contained a key with an empty user id (i. e. a
key without a name and email address), this key was selected by
default when the user attempted to send an encrypted email. Unless
this empty key was manually deselected, the message got encrypted for
that empty key, whose owner could then decrypt it.
Solution :
Upgrade to :
- mozilla-enigmail-0.92.1-0ubuntu05.10 (Ubuntu 5.10)
- mozilla-thunderbird-enigmail-0.92.1-0ubuntu05.10 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|