Closed Bug 1782483 Opened 2 months ago Closed 29 days ago

Check usage of "SecondEmail" in enigmailKeyManager.js

Categories

(MailNews Core :: Security: OpenPGP, defect, P3)

Thunderbird 102

Tracking

(thunderbird_esr102 wontfix)

RESOLVED FIXED
106 Branch
Tracking Status
thunderbird_esr102 --- wontfix

People

(Reporter: thomas8, Assigned: mkmelin)

References

(Blocks 2 open bugs)

Details

Attachments

(1 file)

Let's remove double-check on the uses of "SecondEmail" from encryption territory to prevent cunning bugs!

https://searchfox.org/comm-central/rev/77174e77a7a4dc1eca61d40667af4e1772b5b1ac/mail/extensions/openpgp/content/ui/enigmailKeyManager.js#830

(In reply to Thomas D. (:thomas8) from Bug 1782481 comment #0)

+++ This bug was initially created as a clone of Bug #1777156 +++

We're no longer using "SecondEmail" now that we support more.
So instances of "SecondEmail" in the code have a high risk of causing weird bugs.
We should eliminate those instances before wasting resources on such bugs.

Kai, are you able to estimate/shortly describe the user impact/severity of using only "SecondEmail" in enigmailDowloadContactKeysEngine(), i.e. skipping all email addresses except the first on each contact?
Should we raise the Priority/Severity here (currently set at P3/S3)?

(In reply to Thomas D. (:thomas8) from comment #0)

Let's remove uses of "SecondEmail" from encryption territory to prevent cunning bugs!

https://searchfox.org/comm-central/rev/77174e77a7a4dc1eca61d40667af4e1772b5b1ac/mail/extensions/openpgp/content/ui/enigmailKeyManager.js#830

Component: Address Book → Security: OpenPGP
Flags: needinfo?(kaie)
Product: Thunderbird → MailNews Core
Summary: Remove "SecondEmail" from enigmailKeyManager.js → Check usage of "SecondEmail" in enigmailKeyManager.js

(In reply to Thomas D. (:thomas8) from comment #1)

Kai, are you able to estimate/shortly describe the user impact/severity of using only "SecondEmail" in enigmailDowloadContactKeysEngine(), i.e. skipping all email addresses except the first on each contact?

That's inside a commented block (unused code), so OpenPGP won't be affected.

Flags: needinfo?(kaie)
Blocks: tb102found
Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
Target Milestone: --- → 106 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/6281025f7a52
Remove some dead code from enigmailKeyManager.js. r=kaie

Status: ASSIGNED → RESOLVED
Closed: 29 days ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.