Kaie

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions 78.8.1 through 78.10.1 **Description** The issue is related to the storage of OpenPGP secret keys in an unencrypted form on the user's local disk, which could allow an attacker to access confidential information. The master password protection was inactive for the imported keys. **Recommendations** For Thunderbird versions 78.8.1 through 78.10.1, update to version 78.10.2 or later to restore the protection mechanism for newly imported keys and to automatically protect keys that had been imported using affected Thunderbird versions.

**Name of the Vulnerable Software and Affected Versions** Mozilla (affected versions not specified) **Description** A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 78.10 Description: The issue is caused by a synchronization error when using a shared resource, which might be subject to a race condition when a malicious local process or user is replacing a file. This could allow a remote attacker to bypass existing security restrictions. Signatures are written to disk before and read during verification, which can be exploited. Recommendations: For versions prior to 78.10, update to version 78.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the file system to minimize the risk of exploitation. Avoid using shared resources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (affected versions not specified) **Description** A Null pointer dereference issue exists due to a missing NULL check in `PK11 SignWithSymKey` / `ssl3 ComputeRecordMACConstantTime`, which could let a remote malicious user cause a Denial of Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.