VDB
GCVE-110-MAGEIA-2018-354
GCVE-110-MAGEIA-2018-354
Advisory Published
Updated thunderbird package fixes security vulnerabilities:
* Spoofing of Email signatures II: The signature verification routine in
Enigmail interpreted User IDs as status/control messages and did not
correctly keep track of the status of multiple signatures. This allowed
remote attackers to spoof arbitrary email signatures via public keys
containing crafted primary user ids (CVE-2018-12019).
* Spoofing of Email signatures I: GnuPG 2.2.8 fixed a security bug that
allows remote attackers to spoof arbitrary email signatures via the
embedded "--filename" parameter in OpenPGP literal data packets. This
release of Enigmail prevents the exploit for all versions of GnuPG,
i.e. also if GnuPG is not updated (CVE-2018-12020).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | thunderbird | 0 (affected), 52.9.1-1.1.mga6 (unaffected) | — |
Aliases
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.