{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "78.10.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2."}], "problemTypes": [{"descriptions": [{"description": "Partial protection of inline OpenPGP message not indicated", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-24T13:16:54", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-22/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673241"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-29957", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "78.10.2"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Partial protection of inline OpenPGP message not indicated"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2021-22/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-22/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673241", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673241"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:18:03.504Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-22/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673241"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-29957", "datePublished": "2021-06-24T13:16:54", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2024-08-03T22:18:03.504Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2DF6E3A-0B84-480C-841C-8A6270BEC798", "versionEndExcluding": "78.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2."}, {"lang": "es", "value": "Si un correo electr\u00f3nico codificado con MIME contiene una parte del mensaje firmada o cifrada con OpenPGP en l\u00ednea, pero tambi\u00e9n contiene una parte adicional no protegida, Thunderbird no indicaba que s\u00f3lo algunas partes del mensaje estaban protegidas. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 78.10.2"}], "id": "CVE-2021-29957", "lastModified": "2024-11-21T06:02:03.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-06-24T14:15:10.110", "references": [{"source": "[email protected]", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673241"}, {"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-22/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1673241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-22/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2263", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:78.11.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-06-07T00:00:00Z"}, {"advisory": "RHSA-2021:2264", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:78.11.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-07T00:00:00Z"}, {"advisory": "RHSA-2021:2262", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:78.11.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-06-07T00:00:00Z"}, {"advisory": "RHSA-2021:2261", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:78.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-06-07T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Partial protection of inline OpenPGP message not indicated", "id": "1961503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961503"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-347", "details": ["If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2."], "name": "CVE-2021-29957", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2021-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-29957\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29957"], "threat_severity": "Low", "upstream_fix": "thunderbird 78.10.2"}