I'm happy to announce the availability of Enigmail v1.9.9 for Thunderbird version 52.x and SeaMonkey 2.46.
This version addresses a number of security vulnerabilities discovered by Cure53 during an audit of Thunderbird with Enigmail. The audit report covers both Thunderbird and Enigmail. As some vulnerabilities are still unfixed on the side of Thunderbird, we currently only publish an excerpt of the report with the issues found in Enigmail [1]. Enigmail is one of the most widely used tool for OpenPGP email encryption. Yet it took 16(!) years of development until the first security audit was performed. It was more than overdue, and I would like to thank Posteo (www.posteo.de) for taking the initiative and co-financing an audit report together with the Mozilla Foundation. Not very surprising for such an old project, the audit report revealed a number of important issues that were addressed now. Changes ======= See the Pentest Report for Enigmail by Cure53 [1]. In addition, Bug 709 was fixed [2]. Obtaining Enigmail ================== Enigmail can be downloaded from <https://www.enigmail.net/index.php/en/download/> The changelog is available from <https://www.enigmail.net/index.php/en/download/changelog> Additional Remarks ================== Beta versions of Thunderbird require a nightly build of Enigmail, i.e. Enigmail v1.9.x will not work with Thunderbird 56b1 and newer. -Patrick [1] <https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf> [2] <https://sourceforge.net/p/enigmail/bugs/709/>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net