PT-2017-19345 · Enigmail · Enigmail

Published: 2017-12-22 · Updated: 2017-12-22


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Enigmail versions prior to 1.9.9

Description

The issue allows an attacker to coerce Enigmail into using a malicious PGP public key with a corresponding secret key controlled by the attacker. Additionally, Enigmail could replay encrypted content in partially encrypted e-mails, leading to a plaintext leak. It could also be tricked into displaying incorrect signature verification results. Furthermore, specially crafted content may cause a denial of service.

Recommendations

For Enigmail versions prior to 1.9.9, update to version 1.9.9 to resolve the issues.

Related Identifiers

OPENSUSE-SU-2017:3419-1

Affected Products

Enigmail