4.3

CVE-2021-29956

Exploit

EPSS 0.13%
Published 24.06.2021 14:15:10
Last modified 21.11.2024 06:02:03
Source security@mozilla.org
Teams watchlist Login
Open Login

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird Version >= 78.8.1 <= 78.10.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://bugzilla.mozilla.org/show_bug.cgi?id=1710290

Patch

Vendor Advisory

Exploit

https://www.mozilla.org/security/advisories/mfsa2021-22/

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-29956

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29956

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29956

EUVD