Security Advisory

CVE-2017-17847

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-12-22 23:00:00

Last updated 2024-08-05 21:06:49

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.

← Browse all CVEs View on cve.org ↗