This may be very awkward to track down. I have been unable to reproduce it in testing on my own PC; however, it has serious security implications, hence raising it as a bug.
Compose message A in Thunderbird, sign and send it successfully using Enigmail.
Receive unrelated, unencrypted and unsigned message B in Thunderbird from third party.
Send reply to message B. Reply is unencrypted and unsigned.
Upon reviewing sent message B, I find the complete text of signed message A appended at the base of my first reply to message B, with the string 'Enigmail' added on a new line at the end.
In this case the signed message was not sensitive, and was not encrypted. However, this is clearly a security problem and could have catastrophic consequences, as the content of a message sent to one recipient was included in the text of another sent to a separate recipient.