PT-2021-3102 · Mozilla+8 · Thunderbird+8

Kai Engert

Published

2021-05-17

Updated

2024-06-15

CVE-2021-29956

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Thunderbird versions 78.8.1 through 78.10.1

Description The issue is related to the storage of OpenPGP secret keys in an unencrypted form on the user's local disk, which could allow an attacker to access confidential information. The master password protection was inactive for the imported keys.

Recommendations For Thunderbird versions 78.8.1 through 78.10.1, update to version 78.10.2 or later to restore the protection mechanism for newly imported keys and to automatically protect keys that had been imported using affected Thunderbird versions.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

ALT-PU-2021-1829

ALT-PU-2021-1886

ALT-PU-2021-1892

BDU:2021-02725

CESA-2021_2264

CVE-2021-29956

DLA-2679-1

DSA-4927-1

MGASA-2021-0217

OPENSUSE-SU-2021:1854-1

OPENSUSE-SU-2021_1854-1

OPENSUSE-SU-2024:10601-1

RHSA-2021:2261

RHSA-2021:2262

RHSA-2021:2263

RHSA-2021:2264

RHSA-2021_2263

RHSA-2021_2264

RLSA-2021:2264

SUSE-SU-2021:1854-1

USN-4995-1

USN-4995-2

Affected Products

Alt Linux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2021-3102 · Mozilla+8 · Thunderbird+8

CVE-2021-29956

Weakness Enumeration

Related Identifiers

Affected Products

References · 461