Thunderbird and Efail

Ben Bucksch ben.bucksch at beonex.com
Wed May 16 00:59:40 UTC 2018


Nomis101 🐝 wrote on 16.05.18 01:31:
> I assume the S/MIME implementation is affected from Efail? Is this a
> serious issue for all Thunderbird users who are relying on S/MIME (and
> sending HTML emails)?
> https://efail.de


Yes.

That said, the attack is an active MITM attack. The attacker needs to 
modify your emails. You can also detect it. So, it's a crude attack from 
an attacker's viewpoint.

Good news is that it's simple to mitigate. Simply enable View | Message 
Body as | Simple HTML, and the attack will no longer work. This feature 
neutralizes the attack in 2 different ways. If security is important to 
you, you should enable that anyways, as it neutralizes whole classes of 
attacks.

Ben

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20180516/ee88ada8/attachment.html>


More information about the tb-planning mailing list