1. Home
  2. Vulnerabilities
  3. CVE-2021-23991

CVE-2021-23991

CVSS v3.1 6.8 (Medium)
68% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.19 % (57th)
0.19% Progress
Affected Products 1
Advisories 12
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2021-06-24 14:15:09
(3 years ago)
Updated Date
2021-07-08 15:50:46
(3 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Thunderbird prior 78.9.1 version cpe:2.3:a:mozilla:thunderbird < 78.9.1