#VU53307 Protection Mechanism Failure in Mozilla Thunderbird - CVE-2021-29957
Published: May 17, 2021 / Updated: June 7, 2021
Vulnerability identifier: #VU53307
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-29957
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Thunderbird
Mozilla Thunderbird
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.
Remediation
Install updates from vendor's website.