CVE-2021-29957
high
CVSS v3: —
CVSS v2: —
VIR risk: 8.0
Description
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-29957
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2021:2264
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-29957.html
Vendor advisory: arch — https://security.archlinux.org/ASA-202105-29
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | fixed | 78.10.2-1 |
| sles | | affected | |
| rocky | 8 | fixed | |
| debian | bookworm | fixed | 1:78.10.2-1 |
| debian | bullseye | fixed | 1:78.10.2-1 |
| debian | forky | fixed | 1:78.10.2-1 |
| debian | sid | fixed | 1:78.10.2-1 |
| debian | trixie | fixed | 1:78.10.2-1 |