CVE-2021-29956

Published: Jun 24, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

Affected (1)

Products: Mozilla: Thunderbird

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	From 78.8.1 to 78.10.1

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1710290

Source: security@mozilla.org

ExploitPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-22/

Source: security@mozilla.org

Release NotesVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1710290

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-22/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.