CVE-2021-4126

2022-12-2220:15:00

Debian Security Bug Tracker

security-tracker.debian.org

0.001 Low

EPSS

Percentile

29.6%

JSON

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting with Thunderbird version 91.4.1, only the signature that belongs to the top level MIME part will be considered for the displayed status. This vulnerability affects Thunderbird < 91.4.1.

OSVersionArchitecturePackageVersionFilename
Debian12allthunderbird< 1:91.4.1-1thunderbird_1:91.4.1-1_all.deb
Debian11allthunderbird< 1:91.4.1-1~deb11u1thunderbird_1:91.4.1-1~deb11u1_all.deb
Debian10allthunderbird< 1:91.4.1-1~deb10u1thunderbird_1:91.4.1-1~deb10u1_all.deb
Debian999allthunderbird< 1:91.4.1-1thunderbird_1:91.4.1-1_all.deb
Debian13allthunderbird< 1:91.4.1-1thunderbird_1:91.4.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	thunderbird	< 1:91.4.1-1	thunderbird_1:91.4.1-1_all.deb
Debian	11	all	thunderbird	< 1:91.4.1-1~deb11u1	thunderbird_1:91.4.1-1~deb11u1_all.deb
Debian	10	all	thunderbird	< 1:91.4.1-1~deb10u1	thunderbird_1:91.4.1-1~deb10u1_all.deb
Debian	999	all	thunderbird	< 1:91.4.1-1	thunderbird_1:91.4.1-1_all.deb
Debian	13	all	thunderbird	< 1:91.4.1-1	thunderbird_1:91.4.1-1_all.deb