Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#224 Content of signed message added to unrelated unsigned & unencrypted message

invalid
nobody
None
1.6.0
Blocker
24.0.1
Windows
---
2014-11-02
2013-12-09
R Charles
No

This may be very awkward to track down. I have been unable to reproduce in testing on my own PC, however it has serious security implications hence raising it as a bug.

  1. Compose message A in Thunderbird, sign and send it successfully using Enigmail.

  2. Receive unrelated, unencrypted and unsigned message B in Thunderbird from third party.

  3. Send reply to message B. Reply is unencrypted and unsigned.

  4. Upon reviewing sent message B I find the complete text of signed message A appended at the base of my first reply to message B, with the string 'Enigmail' added on a new line at the end.

In this case the signed message was not sensitive, and was not encrypted. However this is clearly a security problem and could have catastrophic consequences as the content of a message sent to one recipient was included in the text of another sent to a separate recipient.

Discussion

  • This sounds like your message database index is corrupted (which would be a Thunderbird issue, totally unrelated to Enigmail).

    Right-click on the folder where you see this issue, click on Properties, and in the dialog that opens click on "Repair Folder".

     
    • status: open --> invalid
     
  • No reply from reporter; nothing to analyze or fix.