CVE-2017-17844

Name of the Vulnerable Software and Affected Versions Enigmail versions prior to 1.9.9

Description A problem has been discovered where a remote attacker can obtain cleartext content by sending an encrypted data block to a victim and relying on the victim to automatically decrypt the block and then send it back to the attacker as quoted text. This issue is also known as the "replay" problem.

Recommendations For Enigmail versions prior to 1.9.9, update to version 1.9.9 or later to resolve the issue. As a temporary workaround, consider disabling automatic decryption of encrypted data blocks until a patch is available. Restrict the use of quoting text in encrypted conversations to minimize the risk of exploitation.