Subj : openpgp.js vulnerability
To   : All
From : August Abolins
Date : Sun May 25 2025 11:30:00

Best to patch up!

There is a CVE-2025-47934 issued for the openpgp.js issue  
mentioned a few days ago.

People using Mailvelop, Flowcrypt, Mymail-crypt, UDC,  
Encrypt.to, PGP Anywhere, passbolt  ..should be wary.

Protonmali seems to be using one of the openpgp.js packages out  
there too, but I cannot confirm which one.

""Proton Mail uses version 3.0 of OpenPGPjs. This version,  
released in March 2018, includes improvements that enable full  
interoperability with PGP and allows for better overall  
functionality, as outlined by Proton."  ..that's their  
statement from 2018.

So.. does Protonmail use this one..
https://github.com/ProtonMail/gopenpgp ?

Or this one..
https://Github.com/openpgpjs/openpgpjs  ..has 6.1.0.


"In technical terms, the vulnerability arises because
OpenPGP.js fails to correctly associate the extracted message
data with its actual signature during verification. This
oversight allows attackers to manipulate the content of a
message while retaining a valid signature from a previous,
unrelated message.

"In order to spoof a message," the advisory explains, "the
attacker needs a single valid message signature (inline or
detached) as well as the plaintext data that was legitimately
signed. They can then construct an inline-signed or signed-and-
encrypted message containing any data of their choice, which
will appear as legitimately signed."

"This means a bad actor can reuse a valid signature to forge
new content that appears authentic to the recipient, bypassing
the trust model OpenPGP is built upon.

Mozilla's Response and Patches
In response to these vulnerabilities, Mozilla has issued
security patches for the following versions:

Mozilla Firefox 134
Mozilla Thunderbird 134
Firefox ESR 115.19 and 128.6
Thunderbird ESR 115.19 and 128.6

https://thecyberexpress.com/critical-vulnerabilities-in-mozilla-products/


--- OpenXP 5.0.64
 * Origin:  (618:400/23.10)

.