...
While a user is logged on, a CSRF attack can add, replace or remove the user’s or customer’s S/MIME certificate or PGP key. To replace an S/MIME certificate or PGP key, the replacement must be specifically crafted to match the user’s email address.
The injection could be initiated when the user clicks a malicious link in an email or visits a malicious website.
...