#224 Content of signed message added to unrelated unsigned & unencrypted message

[R Charles]

This may be very awkward to track down. I have been unable to reproduce in testing on my own PC, however it has serious security implications hence raising it as a bug.

1. Compose message A in Thunderbird, sign and send it successfully using Enigmail.

2. Receive unrelated, unencrypted and unsigned message B in Thunderbird from third party.

3. Send reply to message B. Reply is unencrypted and unsigned.

4. Upon reviewing sent message B I find the complete text of signed message A appended at the base of my first reply to message B, with the string 'Enigmail' added on a new line at the end.

In this case the signed message was not sensitive, and was not encrypted. However this is clearly a security problem and could have catastrophic consequences as the content of a message sent to one recipient was included in the text of another sent to a separate recipient.

[Patrick Brunschwig]

This sounds like your message database index is corrupted (which would be a Thunderbird issue, totally unrelated to Enigmail).

Right-click on the folder where you see this issue, click on Properties, and in the dialog that opens click on "Repair Folder".

[Patrick Brunschwig]

No reply from reporter; nothing to analyze or fix.