Vulnerabilities > Enigmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-08 | CVE-2014-5369 | Cryptographic Issues vulnerability in Enigmail 1.7/1.7.2 Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 |
| 2007-03-06 | CVE-2007-1264 | Unspecified vulnerability in Enigmail Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
| 2007-02-23 | CVE-2006-5877 | Denial Of Service vulnerability in Enigmail Memory Allocation The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | 7.8 |
| 2005-10-18 | CVE-2005-3256 | Unspecified vulnerability in Enigmail The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. | 5.0 |