CVE-2021-23991 Vulnerability Details

CVE-2021-23991 Metadata Quick Info

CVE Published: 24/06/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: mozilla | Vendor: Mozilla | Product: Thunderbird
Status: PUBLISHED

CVE-2021-23991 Description

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey. Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
Source: Mozilla

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).