CVE-2021-29956 Information

Description

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

https://www.mozilla.org/security/advisories/mfsa2021-22/ https://bugzilla.mozilla.org/show_bug.cgi?id=1710290

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3