VDB

GCVE-110-MAGEIA-2018-354

GCVE-110-MAGEIA-2018-354
Advisory Published
Vulnetix · Advisory published August 23, 2018
Updated thunderbird package fixes security vulnerabilities: * Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids (CVE-2018-12019). * Spoofing of Email signatures I: GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof arbitrary email signatures via the embedded "--filename" parameter in OpenPGP literal data packets. This release of Enigmail prevents the exploit for all versions of GnuPG, i.e. also if GnuPG is not updated (CVE-2018-12020).

Affected Products

VendorProductVersionsPlatforms
Mageiathunderbird0 (affected), 52.9.1-1.1.mga6 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›