Published: 22/12/2022 Updated: 04/01/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerability affects Thunderbird < 91.4.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures For the oldstable distribution (buster), these problems have been fixed in version 1:9141-1~deb10u1 For ...

Mozilla Foundation Security Advisory 2021-55 Security Vulnerabilities fixed in Thunderbird 9141 Announced December 21, 2021 Impact moderate Products Thunderbird Fixed in Thunderbird 9141 ...

NVD-CWE-noinfo https://www.mozilla.org/security/advisories/mfsa2021-55/https://bugzilla.mozilla.org/show_bug.cgi?id=1732310 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5034

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-4126

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect