[Enigmail] [ANN] Enigmail 2.0.4 available - better protection against Efail

Patrick Brunschwig patrick at enigmail.net
Wed May 16 16:40:35 CEST 2018

I have released Enigmail v2.0.4 for Thunderbird version 52 and SeaMonkey
2.46 and newer.

This version implements two workarounds to prevent against "Efail"
vulnerabilities (https://efail.de). I strongly recommend to upgrade to
Enigmail 2.0.4 as soon as possible.


Efail: fail on GnuPG integrity check warnings for old Algorithms

Enigmail now discovers if GnuPG prints a warning message about missing
MDC (Modification Detection Code) for old algorithms like CAST5 and
treats it like a hard failure. Such a message will no longer be

Efail: protect against remot URL calls in unpatched Thunderbird
I implemented a workaround to prevent against leaking decrypted message
data to remote URLs. This workaround is meant as temporary measure until
Thunderbird has a more robust solution. The workaround protects
successfully against the known forms of the vulnerabilities.

I still recommend to use the "Simple HTML" view in Thunderbird
(accessible via menu View > Message Body as > Simple HTML) to prevent
from loading any remote content.

Obtaining Enigmail
Enigmail can be downloaded from

The changelog is available from

Additional Remarks
The new version is still waiting for approval on
https://addons.mozilla.org; you should receive it automatically via the
addons-update once the approval is made.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/attachments/20180516/b0b9dca7/attachment.sig>

More information about the enigmail-users mailing list