Thunderbird and Efail

Ben Bucksch ben.bucksch at
Wed May 16 00:59:40 UTC 2018

Nomis101 🐝 wrote on 16.05.18 01:31:
> I assume the S/MIME implementation is affected from Efail? Is this a
> serious issue for all Thunderbird users who are relying on S/MIME (and
> sending HTML emails)?


That said, the attack is an active MITM attack. The attacker needs to 
modify your emails. You can also detect it. So, it's a crude attack from 
an attacker's viewpoint.

Good news is that it's simple to mitigate. Simply enable View | Message 
Body as | Simple HTML, and the attack will no longer work. This feature 
neutralizes the attack in 2 different ways. If security is important to 
you, you should enable that anyways, as it neutralizes whole classes of 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tb-planning mailing list