An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-12-22T23:00:00
Updated: 2018-02-02T10:57:01
Reserved: 2017-12-22T00:00:00
Link: CVE-2017-17843
JSON object: View
NVD Information
Status : Modified
Published: 2017-12-27T17:08:19.670
Modified: 2023-11-07T02:41:47.383
Link: CVE-2017-17843
JSON object: View
Redhat Information
No data.
CWE