Home > Vulnerability Database > CVE-2021-29956

Mend.io Vulnerability Database

CVE-2021-29956

Date: June 24, 2021

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

Severity Score

4.3

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2021-29956

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1710290

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-29956

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29956

Url: https://www.mozilla.org/security/advisories/mfsa2021-22/

Url: https://access.redhat.com/security/cve/CVE-2021-29956

Url: https://www.mend.io/vulnerability-database/CVE-2021-29956

Severity Score

4.3

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29956

Date: June 24, 2021

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?