CVE-2007-1264
Published: 6 March 2007
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Notes
Author | Note |
---|---|
kees | feature-request not security issue since gpg is fixed with CVE-2007-1263 |