6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.4%
If a Thunderbird user has previously imported Alice’s OpenPGP key, and
Alice has extended the validity period of her key, but Alice’s updated key
has not yet been imported, an attacker may send an email containing a
crafted version of Alice’s key with an invalid subkey, Thunderbird might
subsequently attempt to use the invalid subkey, and will fail to send
encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.18.04.2 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.20.04.2 | UNKNOWN |
ubuntu | 20.10 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.20.10.2 | UNKNOWN |
ubuntu | 21.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu0.21.04.2 | UNKNOWN |
ubuntu | 21.10 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
ubuntu | 22.10 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
ubuntu | 23.04 | noarch | thunderbird | < 1:78.11.0+build1-0ubuntu2 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-23991
nvd.nist.gov/vuln/detail/CVE-2021-23991
security-tracker.debian.org/tracker/CVE-2021-23991
ubuntu.com/security/notices/USN-4995-1
ubuntu.com/security/notices/USN-4995-2
www.cve.org/CVERecord?id=CVE-2021-23991
www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.4%