Efail: don't block decryption of mixed content entirely

OpenPGP addon for Mozilla Thunderbird

Brought to you by: pbrunschwig

#893 Efail: don't block decryption of mixed content entirely

Status: fixed

Owner: nobody

Labels: None

Found in Version: 2.0.5

Severity: Major

Thunderbird version:

GnuPG version:

Operating System: All

Fixed in version: 2.0.8

Cc: nobody

Updated: 2018-08-05

Created: 2018-08-05

Creator: Patrick Brunschwig

Private: No

In order to prevent against the Efail attack, Enigmail does simply not decrypt mixed (encrypted & unencrypted) content anymore. An ideal solution would be to ensure that mixed content cannot blend into each other.

That's not possible with Thunderbird, as everything goes into a single HTML document. However, the following workaround is feasible:

pretend that a PGP/MIME part of a mixed-content message is an attachment.
if mixed content is displayed, don't decrypt the message, but display a placeholder message instead
if encrypted message is part opened in a separate window (and just that bit, without anything else before or after), then decrypt the message.

Forum: Enigmail 2.0.5 available - full protection against Efail

Efail: don't block decryption of mixed content entirely

OpenPGP addon for Mozilla Thunderbird

Searches

Help

#893 Efail: don't block decryption of mixed content entirely

Related

Discussion