Most of these issues can be mitigated by viewing e-mails in plain text
+
mode, via the "View", "Message Body As", "Plain Text" menus.
Impact
+
A remote attacker might be able to access sensitive information via a crafted encrypted e-mail, and spoof the name of an attachment. A remote attacker might also be able to access sensitive information, crash the process or execute arbitrary code via a crafted HTML e-mail if viewing HTML messages is enabled.