While viewing a mail from our server that was definitely not encrypted, I noticed that Enigmail displayed a notification that the signature on this email was good and verified,
which is wrong. Attached is a screenshot that shows this problem. I am not sure how to exactly reproduce it - to be frank, I suspect a race condition of some sort.
This may lead to trusting an email that is not actually signed, so there are security implications here.
A targeted exploit of this depends on knowing the timing of user interactions (possibly achieved if the mailer loads HTML images).
Reproducible on Thunderbird on Linux in classic view mode as well.
Could you please try to reproduce this with https://www.enigmail.net/download/beta/enigmail-1.8b1-tb+sm.xpi ?
I think that all types of this bug are fixed with Enigmail v1.8. Please reopen if you still find such errors.