Main Vulnerability Database Vulnerabilities #VU53307

Protection Mechanism Failure in Mozilla Thunderbird - CVE-2021-29957

Published: May 17, 2021 / Updated: June 7, 2021

Vulnerability identifier: #VU53307

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-29957

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Thunderbird

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.

How to mitigate CVE-2021-29957

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/

Protection Mechanism Failure in Mozilla Thunderbird - CVE-2021-29957

Detailed vulnerability description

How to mitigate CVE-2021-29957

Sources

Please verify you're human