Mozilla Foundation Security Advisory 2021-17
Security Vulnerabilities fixed in Thunderbird 78.8.1
- Announced
- March 8, 2021
- Impact
- moderate
- Products
- Thunderbird
- Fixed in
-
- Thunderbird 78.8.1
Note: This advisory was issued April 20, 2021 to include CVE-2021-29950.
#CVE-2021-29950: Logic issue potentially leaves key material unlocked
- Reporter
- Cure53
- Impact
- moderate
Description
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state.