Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-23991

Опубликовано: 08 апр. 2021
Источник: redhat
CVSS3: 6.8
EPSS Низкий

Описание

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2021:119214.04.2021
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2021:119314.04.2021
Red Hat Enterprise Linux 8.1 Extended Update SupportthunderbirdFixedRHSA-2021:119014.04.2021
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2021:120114.04.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-347
https://bugzilla.redhat.com/show_bug.cgi?id=1948393Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key

EPSS

Процентиль: 42%
0.00204
Низкий

6.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-23991

CVSS3: 6.8
ubuntu
больше 4 лет назад

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

nvd логотип

CVE-2021-23991

CVSS3: 6.8
nvd
больше 4 лет назад

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

debian логотип

CVE-2021-23991

CVSS3: 6.8
debian
больше 4 лет назад

If a Thunderbird user has previously imported Alice's OpenPGP key, and ...

github логотип

GHSA-x5j6-p8w8-5r65

github
больше 3 лет назад

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

fstec логотип

BDU:2021-02077

CVSS3: 4.2
fstec
около 5 лет назад

Уязвимость почтового клиента Thunderbird, связанная c некорректной проверкой криптографической подписи OpenPGP, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 42%
0.00204
Низкий

6.8 Medium

CVSS3