cve/2018/CVE-2018-12019.md

### [CVE-2018-12019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12019)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

### POC

#### Reference
- http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-12019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12019)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html`

			`#### Github`
			`No PoCs found on GitHub currently.`