CVE-2019-14664

Name of the Vulnerable Software and Affected Versions Enigmail versions prior to 2.1

Description The issue allows an attacker with PGP encrypted emails to craft a multipart email that can hide the encrypted parts using HTML/CSS or ASCII newline characters. When the receiver replies to this email, they may unknowingly leak the plaintext of the encrypted message back to the attacker. This attack bypasses protection mechanisms implemented after previous attacks.

Recommendations For Enigmail versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider avoiding replies to suspicious or unfamiliar emails to minimize the risk of exploitation. Restrict access to sensitive information when using Enigmail until the issue is resolved.