Main Vulnerability Database Vulnerabilities #VU53308

Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2021-29956

Published: May 17, 2021 / Updated: June 7, 2021

Vulnerability identifier: #VU53308

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-29956

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Thunderbird

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to OpenPGP secret keys that were imported using Thunderbird. were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. A local user can gain access to sensitive information.

How to mitigate CVE-2021-29956

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/

Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2021-29956

Detailed vulnerability description

How to mitigate CVE-2021-29956

Sources

Please verify you're human