DEBIAN-CVE-2021-29956

DEBIAN-CVE-2021-29956 PUBLISHED CVSS 4.300000190734863 MEDIUM

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	thunderbird	0, 0, 0
Debian:13	thunderbird	0, 0, 0
Debian:12	thunderbird	0, 0, 0
Debian:11	thunderbird	0, 0, 0

Timeline

Jun 24, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-29956 advisory

Open in Interactive Console →