Recently, a severe vulnerability called "Efail" was detected that affects Thunderbird with S/MIME and Enigmail. The vulnerability is such that you could reveal decrypted message data to a malicious third party by just reading an email, without noticing it.

We have implemented several fixes to avoid this from happening. However, Thunderbird is still vulnerable today. We therefore recommend that you:

  1. update to Enigmail 2.0.4 as soon as possible.
  2. view messages as "Simple HTML". This will block sending anything unintentionally to an external server. To switch to the "Simple HTML" view, go to menu View > Message Body As > Simple HTML