This is a screenshot I received in November. What is shows is that Enigmail got the error from gpg and displays an error. However, the plaintext is also displayed (the garbled stuff) and would thus trigger the explot. But first the user has to agree to it (the blue TB warning). So this screenshot actually shows that the exploit did not work.

However, TB allows to override this warning not only global but also per sender. Thus if the sender was whitelisted the back channel could be used. The defaults are different and in the efaul paper they should have listed this as "with user consent".