*** This bug is a security vulnerability ***

Public security bug reported:

Steps to reproduce:

1. In Thunderbird: Go to your Inbox and select an unencrypted and unsigned mail 
and look at it in the message pane.
2. Hit CTRL+N to write a new Mail.
3. Hit CTRL+Shift+E to encrypt this mail. (If not already done by deafult)
4. Hit CTRL+Shift+S to sign this mail. (If not already done by deafult)
5. Complete the mail with recipient, subject and text.
6. Send it.

7. Now just look at the (unencrypted & unsigned) mail from step 1 again.
It is still displayed but now the symbols for encryption and signature
appear and it is stated that this mail was signed by myself, which is
obviously not true.

Tested on Ubuntu 14.04, Thunderbird 24.5.0, enigmail 2:1.5.2-0ubuntu1

** Affects: enigmail (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1329700

Title:
  Sending encrypted mails creates false information on mails in Inbox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/enigmail/+bug/1329700/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to