CVE-2021-29950
HIGHThunderbird < 78.8.1 - Cleartext Storage of Sensitive OpenPGP Key in Memory
Title source: llmDescription
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2021-17/
Exploit, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1673239
Scores
CVSS v3
7.5
EPSS
0.0013
EPSS Percentile
32.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
mozilla/thunderbird
< 78.8.1
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026