cvedb.io
CVE-2017-17848
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-12-27T17:08:19.920 · Last modified 2026-06-17T01:11:46.063

Summary

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.

Affected products

enigmail — enigmail

Does this affect you?

Add your gear to cvedb and we'll alert you only when enigmail ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.