CVE-2021-4126 — Mozilla Thunderbird vulnerability

8 documents6 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.3%

top 43.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Thunderbird Mozilla Firefox

Timeline

PublishedDec 22

Description

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. T…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶debiandebian/thunderbird< thunderbird 1:91.4.1-1 (bookworm)

▶CVEListV5mozilla/thunderbirdunspecified — 91.4.1

▶NVDmozilla/thunderbird< 91.4.1

▶Debianmozilla/thunderbird< 1:91.4.1-1~deb11u1+3

▶Ubuntumozilla/thunderbird< 1:91.5.0+build1-0ubuntu0.18.04.1+1

🔴Vulnerability Details

GHSA

GHSA-v2cr-gvw4-g56p: When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mail↗2022-12-22

▶

OSV

CVE-2021-4126: When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mail↗2022-12-22

▶

OSV

thunderbird vulnerabilities↗2022-01-21

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Ubuntu

Thunderbird vulnerabilities↗2022-01-21

▶

Debian

CVE-2021-4126: thunderbird - When receiving an OpenPGP/MIME signed email message that contains an additional ...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-55: CVE-2021-4126↗

▶