The host is installed with Thunderbird before 60.5.1 and is prone to a signature spoofing vulnerability. A flaw is present in the application, which fails to handle S/MIME signatures. Successful exploitation allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content..