← Back

CVE-2021-23991

nvd nist
Published: Jun 24, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: NVD

Description

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

Affected (1)

Products: Mozilla: Thunderbird
Mozilla
1 product
Thunderbird
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Thunderbird
Before 78.9.1

References (4)

Source: security@mozilla.org
ExploitIssue TrackingVendor Advisory
Source: security@mozilla.org
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.