[MFSA-2021-22] Security Vulnerabilities fixed in Thunderbird 78.10.2

Severity Low

Affected Packages 1

Fixed Packages 1

CVEs 2

CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection (low)
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions.
CVE-2021-29957: Partial protection of inline OpenPGP message not indicated (low)
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.

Package	Affected Version
pkg:mozilla/Thunderbird	< 78.10.2

Package	Fixed Version
pkg:mozilla/Thunderbird	= 78.10.2

ID

MFSA-2021-22

Severity

low

URL

Published

2021-05-17T00:00:00
(3 years ago)

Modified

2021-05-17T00:00:00
(3 years ago)

Other Advisories

Source	# ID	Name	URL
Bugzilla	1710290		https://bugzilla.mozilla.org/show_bug.cgi?id=1710290
Bugzilla	1673241		https://bugzilla.mozilla.org/show_bug.cgi?id=1673241

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:mozilla/Thunderbird		Thunderbird	< 78.10.2
Fixed	pkg:mozilla/Thunderbird		Thunderbird	= 78.10.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date