2018-05-16 Efail Vulnerability Affects Encrypted Mails
Recently, a severe vulnerability called "Efail" was detected that affects Thunderbird with S/MIME and Enigmail. The vulnerability is such that you could reveal decrypted message data to a malicious third party by just reading an email, without noticing it.
We have implemented fixed version of Enigmail that prevent from this vulnerability. We therefore recommend that you:
- update to Enigmail 2.0.5 as soon as possible.
- If you use S/MIME, view your messages as "Simple HTML". This will block sending anything unintentionally to an external server. To switch to the "Simple HTML" view, go to menu View > Message Body As > Simple HTML