Fix EFAIL

This is about http://efail.de, a vulnerability in multiple email clients, including Thunderbird + Enigmail, which allows exfiltrating plaintext of GPG encrypted emails.

What we know so far:

The enigmail version we ship (1.9.9) seems to be affected, and there don’t seem to be any security patches to the Debian package after the 1.9.9 release.

According to this, Thunderbird doesn’t have patches released yet

We could be saved by Torbirdy, because, according to the EFAIL website, “the most prominent way of attacking EFAIL” uses HTML, and Torbirdy completely disables HTML.

Team: sajolida

Feature Branch: feature/15091-thunderbird-60

Attachments

Related issues

Related to #15657 (closed)
Related to #15486 (closed)
Related to #15661 (closed)
Related to #15692 (closed)
Related to #15658
Blocked by #15607 (closed)
Blocks #15334 (closed)
Blocked by #15091 (closed)

Original created by @segfault on 15602 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information