CVE-2018-15586

Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.

Date published : 2019-02-11

http://seclists.org/fulldisclosure/2019/Apr/38

http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html