[Users] FYI: PGP-encrypted email Warning

Kevin Chadwick m8il1ists at gmail.com
Tue May 15 13:06:21 CEST 2018

>The main vector for using the vulnerability is HTML mail, which Claws
>does not support by default. As far as I could see, there was no
>specific reference to the HTML plugins; as far as I understand, Claws
>with an HTML plugin (like Fancy) should get the same score as, e.g.
>KMail (that is, vulnerability can be abused but requires user
>interaction to do so).

Claws does have a html to text button. I assume that is not enough due to the user interaction requirement.

More information about the Users mailing list