CVE-2007-1264
EPSS 12.4%Published: 3/6/2007Modified: 4/28/2026
Description
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Affected packages (1)
- Debian/enigmailfrom 0, < 2:0.95.0+1-1