Main Vulnerability Database Vulnerabilities #VU53308

#VU53308 Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2021-29956

Published: May 17, 2021 / Updated: June 7, 2021

Vulnerability identifier: #VU53308

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-29956

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Thunderbird

Software vendor:
Mozilla

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to OpenPGP secret keys that were imported using Thunderbird. were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. A local user can gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/

#VU53308 Cleartext storage of sensitive information in Mozilla Thunderbird - CVE-2021-29956

Description

Remediation

External links

Please verify you're human