Opened 5 weeks ago

Last modified 5 weeks ago

#30534 new defect

Torbirdy: While TorBirdy running cannot seem to get any Add-ons from the Add-on Manager

Reported by: torlove Owned by: sukhbir
Priority: Medium Milestone:
Component: Applications/TorBirdy Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Steps

  • TorBirdy running (and afraid to turn it off, lest it de-anonymises me)
  • Click the 'Add-on Manager' tab
  • Scroll down to Enigmail and click it.
  • A blue and white page flickers onto the screen momentarily before. A message heading appears, "What are addons". The second paragraph of the body says, "When you're connected to the internet, this pane will feature..." etc etc

Tried also

  • search 'enigmail' in the Add-on Manager I get a tab titled "Oops". Page has heading "Oops! We had an error" Body text says "We'll get to fixing that soon." etc etc

Child Tickets

Change History (4)

comment:1 Changed 5 weeks ago by nickm

Component: - Select a componentApplications/TorBirdy
Owner: set to sukhbir

comment:2 Changed 5 weeks ago by torlove

For others who may be experiencing this problem, the following install instructions may help:
https://www.whonix.org/wiki/Encrypted_Email_with_Thunderbird_and_Enigmail

comment:3 Changed 5 weeks ago by torlove

I repeat, MAY HELP (did not help in my case).

Very interesting.

I now suspect that a vulnerability is built into the fetching of the Add-on itself, possibly a downgrading of the security such that a man-in-the-middle attack is possible.

Is there a secure way to get the Enigmail?

comment:4 Changed 5 weeks ago by torlove

... or you can just go to www.enigmail.net to get the file.

shasum -a 256 enigmail-2.0.10-tb.xpi

1e182eb0ca4f8a30c282098c78dcb9b49211c564dc07d26fe3fc0aebef160dba

Signed Sun 24 Mar 2019 22:48:58 ACDT

using RSA key 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B


Please continue looking into this problem though, I do suspect an encryption downgrade attack could be the culprit at this time but I'm not proficient in identifying such.

Note: See TracTickets for help on using tickets.