Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN211-1 : enigmail vulnerability Vulnerability Scan

Vulnerability Scan Summary
enigmail vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- mozilla-enigmail
- mozilla-thunderbird-enigmail

Description :

Hadmut Danish discovered an information disclosure vulnerability in
the key selection dialog of the Mozilla/Thunderbird enigmail test.
If a user's keyring contained a key with an empty user id (i. e. a
key without a name and email address), this key was selected by
default when the user attempted to send an encrypted email. Unless
this empty key was manually deselected, the message got encrypted for
that empty key, whose owner could then decrypt it.

Solution :

Upgrade to :
- mozilla-enigmail-0.92.1-0ubuntu05.10 (Ubuntu 5.10)
- mozilla-thunderbird-enigmail-0.92.1-0ubuntu05.10 (Ubuntu 5.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.