#224 Content of signed message added to unrelated unsigned & unencrypted message

R Charles

This may be very awkward to track down. I have been unable to reproduce in testing on my own PC; however, it has serious security implications, hence raising it as a bug.

  1. Compose message A in Thunderbird, sign and send it successfully using Enigmail.

  2. Receive unrelated, unencrypted and unsigned message B in Thunderbird from third party.

  3. Send reply to message B. Reply is unencrypted and unsigned.

  4. Upon reviewing sent message B I find the complete text of signed message A appended at the base of my first reply to message B, with the string 'Enigmail' added on a new line at the end.

In this case the signed message was not sensitive, and was not encrypted. However, this is clearly a security problem and could have catastrophic consequences, as the content of a message sent to one recipient was included in the text of another sent to a separate recipient.


  • Patrick Brunschwig

    This sounds like your message database index is corrupted (which would be a Thunderbird issue, totally unrelated to Enigmail).

    Right-click on the folder where you see this issue, click on Properties, and in the dialog that opens click on "Repair Folder".

  • Patrick Brunschwig

    • status: open --> invalid

  • Patrick Brunschwig

    No reply from reporter; nothing to analyze or fix.

