CVE-2021-29957

Exploit

EPSS 0.31%
Published 24.06.2021 14:15:10
Last modified 21.11.2024 06:02:03
Source security@mozilla.org
Teams watchlist Login
Open Login

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird Version < 78.10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.507

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://www.mozilla.org/security/advisories/mfsa2021-22/

Vendor Advisory

Release Notes

https://bugzilla.mozilla.org/show_bug.cgi?id=1673241

Patch

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-29957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-29957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-29957

EUVD