Mozilla Foundation Security Advisory 2021-17

Security Vulnerabilities fixed in Thunderbird 78.8.1

Announced
March 8, 2021
Impact
moderate
Products
Thunderbird
Fixed in
  • Thunderbird 78.8.1

Note: This advisory was issued April 20, 2021 to include CVE-2021-29950.

#CVE-2021-29950: Logic issue potentially leaves key material unlocked

Reporter
Cure53
Impact
moderate
Description

Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state.

References