CVE-2021-29957
Published: 28 May 2021
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
thunderbird Launchpad, Ubuntu, Debian |
bionic |
Released
(1:78.11.0+build1-0ubuntu0.18.04.2)
|
| focal |
Released
(1:78.11.0+build1-0ubuntu0.20.04.2)
|
|
| groovy |
Released
(1:78.11.0+build1-0ubuntu0.20.10.2)
|
|
| hirsute |
Released
(1:78.11.0+build1-0ubuntu0.21.04.2)
|
|
| impish |
Released
(1:78.11.0+build1-0ubuntu2)
|
|
| jammy |
Released
(1:78.11.0+build1-0ubuntu2)
|
|
| kinetic |
Released
(1:78.11.0+build1-0ubuntu2)
|
|
| lunar |
Released
(1:78.11.0+build1-0ubuntu2)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(78.10.2)
|
|
| xenial |
Ignored
(out of standard support)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |