Follow

2.0.11 (2019-05-21) addresses a security issue with inline-PGP messages that allows an attacker to have Enigmail display a correctly signed or encrypted message info, but display a different unauthenticated text.

This is the bug report sourceforge.net/p/enigmail/bug

It works by appending a legit signed message as inline PGP:

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!