CVE-2021-29956

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29956

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29956.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-29956

Downstream

DEBIAN-CVE-2021-29956

DLA-2679-1

DSA-4927-1

RHSA-2021:2261

RHSA-2021:2262

RHSA-2021:2263

RHSA-2021:2264

SUSE-SU-2021:1854-1

UBUNTU-CVE-2021-29956

USN-4995-1

USN-4995-2

openSUSE-SU-2021:1854-1

openSUSE-SU-2024:10601-1

Related

Published

2021-06-24T14:15:10Z

Modified

2025-08-09T20:01:26Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.

References

Affected packages