I have released Enigmail v2.0.4 for Thunderbird version 52 and SeaMonkey 2.46 and newer.

Changes
=======

This version implements two workarounds to protect against "Efail" vulnerabilities (https://efail.de). I strongly recommend upgrading to Enigmail 2.0.4 as soon as possible.

Details
=======

Efail: fail on GnuPG integrity check warnings for old Algorithms
----------------------------------------------------------------

Enigmail now discovers if GnuPG prints a warning message about missing MDC (Modification Detection Code) for old algorithms like CAST5 and treats it like a hard failure. Such a message will no longer be displayed.

Efail: protect against remote URL calls in unpatched Thunderbird
----------------------------------------------------------------

I implemented a workaround to protect against leaking decrypted message data to remote URLs. This workaround is meant as a temporary measure until Thunderbird has a more robust solution. The workaround protects successfully against the known forms of the vulnerabilities.

I still recommend using the "Simple HTML" view in Thunderbird (accessible via menu View > Message Body as > Simple HTML) to prevent any remote content from loading.

Obtaining Enigmail
==================

Enigmail can be downloaded from <https://www.enigmail.net/index.php/en/download/>

The changelog is available from <https://www.enigmail.net/index.php/en/download/changelog>

Additional Remarks
==================

The new version is still waiting for approval on https://addons.mozilla.org; you should receive it automatically via the addons-update once the approval is made.

-Patrick
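
The first workaround above (treating a missing-MDC warning as a hard failure) can be illustrated with a fail-closed check over GnuPG's `--status-fd` output. This is an added example, not part of the original announcement and not Enigmail's code; the function names and the sample status/stderr text are constructed, and it covers only the MDC case the announcement describes.

```javascript
"use strict";

// Parse "[GNUPG:] KEYWORD args..." lines into a map of keyword -> args.
function parseStatus(statusText) {
  const seen = new Map();
  for (const line of statusText.split(/\r?\n/)) {
    const m = /^\[GNUPG:\] (\S+)\s*(.*)$/.exec(line);
    if (m) seen.set(m[1], m[2].trim().split(/\s+/).filter(Boolean));
  }
  return seen;
}

// Decide whether decrypted output may be shown. Fail closed: plaintext is
// only acceptable when gpg explicitly confirmed the MDC.
function evaluateDecryption(statusText, stderrText) {
  const st = parseStatus(statusText);
  const reasons = [];
  if (st.has("DECRYPTION_FAILED")) reasons.push("decryption failed");
  if (st.has("BADMDC")) reasons.push("MDC mismatch: ciphertext was modified");
  const info = st.get("DECRYPTION_INFO"); // <mdc_method> <sym_algo>
  if (info && info[0] === "0") reasons.push(`no MDC used (sym_algo ${info[1]})`);
  if (/message was not integrity protected/i.test(stderrText))
    reasons.push("gpg warned about missing integrity protection");
  if (!st.has("GOODMDC")) reasons.push("no GOODMDC status line");
  if (!st.has("DECRYPTION_OKAY")) reasons.push("no DECRYPTION_OKAY status line");
  return { ok: reasons.length === 0, reasons };
}

// Hypothetical caller: hand out plaintext only when the check passes.
function releasePlaintext(plaintext, statusText, stderrText) {
  return evaluateDecryption(statusText, stderrText).ok ? plaintext : null;
}

// Constructed sample: CAST5 (sym_algo 3) message without MDC. gpg reports
// DECRYPTION_OKAY and only warns on stderr, which is what must be rejected.
const LEGACY_STATUS = [
  "[GNUPG:] BEGIN_DECRYPTION",
  "[GNUPG:] DECRYPTION_INFO 0 3",
  "[GNUPG:] DECRYPTION_OKAY",
  "[GNUPG:] END_DECRYPTION",
].join("\n");
const LEGACY_STDERR = "gpg: WARNING: message was not integrity protected";

// Constructed sample: AES256 (sym_algo 9) message with a verified MDC.
const GOOD_STATUS = [
  "[GNUPG:] BEGIN_DECRYPTION",
  "[GNUPG:] DECRYPTION_INFO 2 9",
  "[GNUPG:] DECRYPTION_OKAY",
  "[GNUPG:] GOODMDC",
  "[GNUPG:] END_DECRYPTION",
].join("\n");
```
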
