DEBIAN-CVE-2021-29969

DEBIAN-CVE-2021-29969 PUBLISHED CVSS 5.900000095367432 MEDIUM

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	thunderbird	0, 0, 0
Debian:11	thunderbird	0, 0, 0
Debian:13	thunderbird	0, 0, 0
Debian:14	thunderbird	0, 0, 0

Timeline

Aug 5, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-29969 advisory

Open in Interactive Console →