CVE-2021-29957

Published: Jun 24, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.

Affected (1)

Products: Mozilla: Thunderbird

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	Before 78.10.2

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1673241

Source: security@mozilla.org

ExploitPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-22/

Source: security@mozilla.org

Release NotesVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1673241

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-22/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.