The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
Fix EFAIL
Originally created by @segfault on #15602 (Redmine)
This is about http://efail.de, a vulnerability in multiple email clients, including Thunderbird + Enigmail, which allows exfiltrating plaintext of GPG encrypted emails.
What we know so far:
- The enigmail version we ship (1.9.9) seems to be affected, and there don’t seem to be any security patches to the Debian package after the 1.9.9 release.
- According to this, Thunderbird doesn’t have patches released yet
- We could be saved by Torbirdy, because, according to the EFAIL website, “the most prominent way of attacking EFAIL” uses HTML, and Torbirdy completely disables HTML.
Team: sajolida
Feature Branch: feature/15091-thunderbird-60
Attachments
Related issues
- Related to #15657 (closed)
- Related to #15486 (closed)
- Related to #15661 (closed)
- Related to #15692 (closed)
- Related to #15658 (closed)
- Blocked by #15607 (closed)
- Blocks tails/accounting#15334
- Blocked by #15091 (closed)