Using Content-Type = multipart/alternative, it is possible to trick Enigmail into displaying a valid signature status for a MIME part that is actually not signed.
Such messages have the following structrure (or similar):
| |- text/plain
Fixed in 2.1.5.
Created thunderbird-enigmail tracking bugs for this issue:
Affects: epel-7 [bug 1790325]
Affects: fedora-all [bug 1790324]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.